how to list out ntfs permissions

Hi,

I would like to write a script to list out ntfs permissions. I tried with:

(get-acl -path \\testserver\d$\testdir).accesstostring

I get:

BUILTIN\Administrators Allow FullControl
REDMOND\testuser Allow Write, ReadAndExecute, Synchronize
S-1-5-21-2146773085-903363285-719344707-241418 Allow ReadAndExecute,
Synchronize
BUILTIN\Administrators Allow FullControl
NT AUTHORITY\SYSTEM Allow FullControl

When I do this from the gui, the
"S-1-5-21-2146773085-903363285-719344707-241418 Allow ReadAndExecute"
resolves correctly but now from PS. Doe anyone know how I can get around
this?

Thanks in advance,

Frank wrote: http://www.comptechdoc.org/os/window...rmissions.html

A bit of an assumption here... Since Read and Write each come with the
synchronize permission, it would seem 'Read and Execute' would also have
synchronize (since Read is there).

Synchronize seems to be a hidden permission so PowerShell is actually
more accurate.

You could likely drop the Synchronize when applying the permissions
elsewhere.

Marco

--
Microsoft MVP - Windows PowerShell
http://www.microsoft.com/mvp

PowerGadgets MVP
http://www.powergadgets.com/mvp

Blog:
http://marcoshaw.blogspot.com

On Nov 15, 2:14 pm, Frank <Fr...@xxxxxx> wrote: Hi Frank,

I presume you're talking about the SID not resolving to a domain
\username pair. Just for kicks, try explicitly resolving it in
Powershell:

PS> $sid = new-object security.principal.securityidentifier `
"S-1-5-21-2146773085-903363285-719344707-241418"
PS> $securityidentifier.translate( [security.principal.ntaccount] )

For more on this kind of thing, check out:

http://www.nivot.org/2007/08/20/Conv...owerShell.aspx

Hope this helps,

- Oisin / x0n

p.s. security tip: try to keep your actual SIDs secret in future ;-)

Oops! I read this too quickly. Oisin has the answer...

Marco