|
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293 |
- ### Get-NTFSAccess
- Returns a list of all access control entries found on the given object(s).
-
- #Get permissions from all files or folders in the current folder
- dir | Get-NTFSAccess
-
- #to read the permissions of a specific file
- Get-NTFSAccess -Path C:\Windows
-
- #### Get permissions from all files or folders in the current folder
-
- dir | Get-NTFSAccess
-
- #### To read and also remove only the explicitly assigned ones
-
- dir | Get-NTFSAccess -ExcludeInherited | Remove-NTFSAccess
-
- The pipeline support can also be used to backup and restore permissions of one or many items:
- PowerShell
-
- #### To backup permissions just pipe what Get-NTFSAccess returns to Export-Csv
-
- dir | Get-NTFSAccess -ExcludeInherited | Export-Csv permissions.csv
-
- #### To retore the permissions pipe the imported data to Get-NTFSAccess
-
- As the imported data also contains the path you do not need to specify the item
-
- Import-Csv .\permissions.csv | Get-NTFSAccess
-
- All cmdlets can handle SIDs and also SamAccountNames. The output contains always both unless a SID is not resolvable.
- The types.ps1xml file is extending the common objects with some useful information and the format.ps1xml file formats all the output in almost the same way like the Get-ChildItem output.
-
- By implementing the [Process Privilege http://processprivileges.codeplex.com/] project the cmdlets can activate the required privileges for setting the ownership for example.
-
-
- # Add-NTFSAccess
- Adds a specific ace to the current object. This can be done in just one line:
-
- Get-Item .\VMWare | Add-NTFSAccess -Account Contoso\JohnD -AccessRights FullControl
-
- # Get-NTFSAccess
-
- Gives you a list of all permissions . normally you are interested not in the inherited permissions so the switch ExcludeInherited can be useful
-
- Get-Item F:\backup | Get-NTFSAccess –ExcludeInherited
-
-
- ## Filtering works with Where-Object
-
- Get-Item F:\backup | Get-NTFSAccess | Where-Object { $_.ID -like "*users*" }
-
- # Get-NTFS Orphaned Access
-
- Lists all permissions that can no longer be resolved. This normally happens if the account is no longer available so the permissions show up as a SID and not as an account name.
-
- To remove all non-resolvable or orphaned permissions you can use the following line. But be very careful with that as maybe the account is not resolvable due to a network problem.
-
- dir -Recurse | Get-NTFSOrphanedAccess | Remove-NTFSAccess
-
- # Remove- NTFSAccess
-
- Removes the permission for a certain account. As the pipeline is supported it takes also
- ACEs coming from Get-NTFSAccess or Get-NTFSOrphanedAccess
-
-
- # Get-NTFSEffectiveAccess
-
- Shows the permissions an account actually has on a file or folder. If no parameter is specified it shows the effective permissions for the current user. However you can supply a user by using the SID or account name
- PowerShell
-
- Get-Item F:\backup | Get-NTFSEffectiveAccess -Account S-1-5-32-545
-
- # Get-NTFSInheritance
- Shows if inheritance is blocked
-
- # Enable-NTFSInheritance
- It can be a problem if certain files or folders on a volume have inheritance disabled. Making sure that inheritance is enabled can be done using this cmdlets:
-
- Get-Item .\Data -Recurse | Enable-NTFSAccessInheritance
-
- # Disable-NTFSInheritance
- See Enable-NTFSInheritance
-
- # Get-NTFSOwner
- Shows the owner of a file or folder
-
- dir -Recurse | Get-NTFSOwner
-
- # Set-NTFSOwner
- Sets the owner to a specific account like:
-
- Get-Item .\Data | Set-NTFSOwner -Account builtin\administrators
|
