Tricky use of Get-Acl
Question
When using the Get-ACL cmdlet it returns a single object that's a bit of a pain to deal with.
Path Owner Access
---- ----- ------
Test2 Owner NT AUTHORITY\Authenticated Users Allow Modify, Synchronize
NT AUTHORITY\SYSTEM Allow FullControl
Using something like (Get-ACL D:\\test2).Access gives much nicer output - an item per permission:
FileSystemRights : Modify, Synchronize
AccessControlType : Allow
IdentityReference : NT AUTHORITY\Authenticated Users
IsInherited : False
InheritanceFlags : ContainerInherit, ObjectInherit
PropagationFlags : None
FileSystemRights : FullControl
AccessControlType : Allow
IdentityReference : NT AUTHORITY\SYSTEM
IsInherited : False
InheritanceFlags : ContainerInherit, ObjectInherit
PropagationFlags : None
Due to the way the rest of my script works, this is what I need to be presented with after the Get-ACL operation. However, the rest of my script is nested within a For-Each off this Get-ACL and when using the above example, you can't then call $acl.AddAccessRule as this call only seems to work straight off a regular $acl = Get-ACL "Some Path" and not $acl = (get-ACL "some path").Access
The error I see is:
Method invocation failed because [System.Security.AccessControl.FileSystemAccessRule] does not contain a method named 'AddAccessRule'.
Is there a way around this, whereby I am presented with the information in example 2, but can still call the .AddAccessRule without having to run another Get-ACL just to be able to do this?
1 answers
solution1
1 ACCPTED 2015-09-02 21:44:38
Use something like this:
$acl = Get-Acl "Some Path"
$access = $acl.Access
# Do stuff with $access
$acl.AddAccessRule
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.