1

I have the following PowerShell command to access the ACL access entries.

$folderPermissionList = (Get-Acl -path "C:\Program Files\Logs").Access | ?{$_.IdentityReference -match "$BUILTIN\\Users"}
If($folderPermissionList.FileSystemRights -match "FullControl") {
    & icacls.exe "C:\Program Files\Logs" /Q /T /remove "BUILTIN\Users"
}

When I execute this command on my Windows 10 PC, it gets stuck and produces no output. But when I execute the same command on a Windows Server PC, it works as expected and lists the permissions.

My requirement is to get the ACL list of a particular folder and check the users' permissions.

I don't know why it is not executing on Windows 10 OS. Any idea?

3
  • 1
    Did you run it as an elevated user on the Windows 10 client? And what version of PowerShell are you using on those two machines? Commented Sep 1, 2021 at 7:27
  • 1
    What does "stuck" mean? At which line does that happen, exactly? Are you sure that PowerShell is stuck, or could it be icacls.exe? Commented Sep 1, 2021 at 7:41
  • Yes, I ran the script with elevated permissions and it got stuck on the line "& icacls.exe "C:\Program Files\Logs" /Q /T /remove "BUILTIN\Users"" for a long time. The PowerShell version is 5.1.19041.1151. Commented Sep 6, 2021 at 17:06

1 Answer

1
Where IdentityReference -match "$BUILTIN\\Users" 

is wrong.

You're using a double-quoted string, and those are subject to variable interpolation. If you don't have a variable called $BUILTIN, the above will resolve to \\Users. Which will look like it works, but might match more than you wanted.

But if you do have a variable called $BUILTIN, all bets are off what this ends up as. I'm guessing you intended to match against the string 'BUILTIN\Users'.

It's generally better to use single quoted-strings when writing regular expressions in PowerShell:

Where IdentityReference -match 'BUILTIN\\Users' 

But even better - since you are not pattern-matching anyway, but comparing against a fixed string - is this:

Where IdentityReference -eq 'BUILTIN\Users' 

This works just fine:

(Get-Acl -path "C:\Program Files").Access | Where IdentityReference -eq 'BUILTIN\Users' 
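
The difference between the three filters discussed in the answer, as an added example that is not part of the original post. It runs against constructed ACE objects instead of a real folder, and also evaluates the question's FullControl check without calling icacls.exe. The `CONTOSO\Users` entry, the rights values and the `Test-Filter` helper are assumptions made for illustration.

```powershell
# Constructed sample entries standing in for (Get-Acl <path>).Access; no real ACL is read.
$aces = @(
    [pscustomobject]@{ IdentityReference = 'BUILTIN\Users';          FileSystemRights = 'ReadAndExecute, Synchronize' }
    [pscustomobject]@{ IdentityReference = 'BUILTIN\Administrators'; FileSystemRights = 'FullControl' }
    [pscustomobject]@{ IdentityReference = 'CONTOSO\Users';          FileSystemRights = 'FullControl' }  # hypothetical domain group
    [pscustomobject]@{ IdentityReference = 'NT AUTHORITY\SYSTEM';    FileSystemRights = 'FullControl' }
)

# Make sure $BUILTIN is undefined, which is the situation the answer describes.
Remove-Variable BUILTIN -ErrorAction SilentlyContinue

# Hypothetical helper: apply one filter, then evaluate the question's
# FullControl test on whatever the filter selected (icacls.exe is never called).
function Test-Filter([scriptblock]$Filter) {
    $hits = @($aces | Where-Object $Filter)
    [pscustomobject]@{
        Matched        = $hits.IdentityReference -join ', '
        WouldRunIcacls = [bool]($hits.FileSystemRights -match 'FullControl')
    }
}

$filters = [ordered]@{
    # "$BUILTIN" is interpolated to an empty string, so the regex is just \\Users
    'double-quoted regex (question)' = { $_.IdentityReference -match "$BUILTIN\\Users" }
    # Single quotes: no interpolation, the regex is BUILTIN\\Users
    'single-quoted regex'            = { $_.IdentityReference -match 'BUILTIN\\Users' }
    # Fixed-string comparison, no regex at all
    'exact comparison (-eq)'         = { $_.IdentityReference -eq 'BUILTIN\Users' }
}

foreach ($name in $filters.Keys) {
    $r = Test-Filter $filters[$name]
    '{0,-32} matched: {1,-30} icacls would run: {2}' -f $name, $r.Matched, $r.WouldRunIcacls
}
```

With this sample data the interpolated pattern also selects `CONTOSO\Users`, and because that entry has FullControl, the question's `If` test passes and the removal of `BUILTIN\Users` would run even though `BUILTIN\Users` itself only has read and execute rights. The other two filters select only `BUILTIN\Users` and leave the ACL alone.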