具有Powershell文件夹的过时ACL

Question

I use Powershell to pull in data about user accounts, some of which includes details about an user's home folder.

I have been using get-item on folders to get the ACL to make sure an user has proper access to their home folder. An example of my code is:

((get-item C:\exampleFolder).GetAccessControl('access')).Access

This provided me the list I needed and works great. However, if an user's username changes, it can take some time (like 5- 10 minutes) before Powershell can see the change even though viewing the folder's properties reflects the changes nearly instantaneously.

I am just seeing if there is a better way to pull the ACL data so that what I see in folder property page is what Powershell gets.

first world issue for me really, just trying to make my code a little bit more efficient.

Edit: This is a change in a username on a domain though Active Directory, not a username on a local machine.

Answer 1

There is the Get-ACL Cmdlet. This will output an object with an Access property listing all users with Access and their Access Level.

If you want to, you could use this to make a function to get more explicit data like this:

  function Get-Permissions ($folder) {
  (get-acl $folder).access | select `
        @{Label="Identity";Expression={$_.IdentityReference}}, `
        @{Label="Right";Expression={$_.FileSystemRights}}, `
        @{Label="Access";Expression={$_.AccessControlType}}, `
        @{Label="Inherited";Expression={$_.IsInherited}}, `
        @{Label="Inheritance Flags";Expression={$_.InheritanceFlags}}, `
        @{Label="Propagation Flags";Expression={$_.PropagationFlags}}
        }

This you could easily pipe on to a | Format-Table -Auto | Format-Table -Auto or however you wish to visually consume your output.