Get files ACLs with PowerShell

Recently I needed to get all the user permissions for all the files (with a specific extension) in a given folder (with subfolders). I had to get these information from a Windows Server machine, so I wrote a simple PowerShell script.

With user permissions we refer to the FileSystemRights for example:

  • Full Control
  • Read
  • Write
  • Execute

You can find the complete FileSystemRights enumeration here: FileSystemRights Enumeration.

Given the root folder of our document, we are going to use the Get-ChildItem cmlet to get the items and child items in the specified locations.
For each item we are going to use the Get-Acl cmlet to get the security descriptor for the resource.

The Get-Act returns a System.Security.AccessControl.FileSystemSecurity object, we are interested to the Access property (a System.Collections.ReadOnlyCollectionBase object).

Each element of the collection contains the information that we need:

  • IdentityReference: Represents an identity (we are going to remove the machine name/domain from the value). System.Security.Principal.IdentityReference type
  • AccessControlType: Enumerative that Allow or Deny the system rights specified later
  • FileSystemRights: list of all the rights (enumerative of FileSystemRights)

Once we collected these information for each file, we are going to save them to a CSV file.

PowerShell script (set your root, CSV output file and extension):

This is how the output looks like:

PowerShell: copy files and folders

Last day I came a across a request: copy some files and folders in automatic way from a folder to another one, keeping the file system tree structure.
At the beginning I thought about writing a Python script (for the sake of simplicity 🙂 ) but to avoid to install Python on the server (a Windows 2012 Server), I moved to PowerShell.

The script I wrote, takes the following input parameters:

  • sourceDir: the path of the root folder to copy
  • targetDir: the path of the destination folder
  • extensionToKeep: list of the file extension to copy (if not provided, all the files will be copied)
  • forceOverwrite: if true the eventually same destination files will be replaced with the new one

Here you can find the script:

To run the script: