Find which folders a user has access to using Get-Acl and PowerShell

This one-liner lists the folders that a specific user has access to. More specifically, it lists folders where the user has an entry in the Access Control List.

Because some of the lines are very long, you can use ‘View source’ when hovering over the code to see it on one line.

It has been tested on Windows 7 64-bit but should work on all versions of Windows compatible with PowerShell and .NET.

The one-liner is under the heading To use, but first we'll look at the component parts to help us understand how it works.

Using Get-ChildItem, Get-Acl and Read-Host

Get-ChildItem produces a list of items (files and folders) to check. It is filtered to return a list of containers (folders) only. To see an example in action, triple-click the desired line, copy it to the clipboard and right-click a PowerShell window to paste and run it.

# List all files and folders in current location
Get-ChildItem
# List all folders in current location
Get-ChildItem | where {$_.PSIsContainer}
# List all files and folders in current location and every sub-folder
Get-ChildItem -recurse
# List all folders in current location and every sub-folder
Get-ChildItem -recurse | where {$_.PSIsContainer}
# List all folders in sub-folders one level deep (this does not list folders in the current location, only sub-folders one level deep)
Get-ChildItem  | where {$_.PSIsContainer} | Get-ChildItem | where {$_.PSIsContainer}

Get-Acl retrieves the security descriptor of a file or resource. To see if a user is listed under the Access section, we check whether the user's Security Identifier (SID) appears in the descriptor's Security Descriptor Definition Language (SDDL) string. To see an example in action, triple-click the desired line, copy it to the clipboard and right-click a PowerShell window to paste and run it.

# Format-List shows the complete security descriptor
# List security descriptors of all files and folders in current location
Get-ChildItem | Get-Acl | Format-List
# List security descriptors of all folders in current location
Get-ChildItem | where {$_.PSIsContainer} | Get-Acl | Format-List

Read-Host gets data from the user (in this case, a user name) and then we need to convert the user name into a Security Identifier (SID). To do that, please read the article Retrieving a user’s SID (Security Identifier) using PowerShell. To see an example in action, triple-click the desired line, copy it to the clipboard and right-click a PowerShell window to paste and run it.

# Prompt the user for data
Read-Host "User name?"
# Prompt the user for data and remember it in variable $UserName
$UserName = Read-Host "User name?"
# Display the contents of the variable $UserName
$UserName

To use

  • To get this into PowerShell, triple-click the line, copy it to the clipboard and right-click inside your PowerShell window to paste and run it.
  • Enter the user name you wish to look for.
    • The user name is not case-sensitive.
# List all folders and sub-folders that a user has access to in the current location
$UserName = Read-Host "User name?" ; Get-ChildItem -recurse | where {$_.PSIsContainer} | get-acl | where {$_.SDDL -match (New-Object System.Security.Principal.NTAccount($UserName)).Translate([System.Security.Principal.SecurityIdentifier]).Value}
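
An added example, not part of the original post: matching the SID against the whole SDDL string also hits the owner and group fields, matches any longer SID that contains the same text, and misses well-known principals that SDDL abbreviates (for example BA for the built-in Administrators group). The hypothetical function Find-FolderAce below compares the SID against each access rule instead and reports whether the entry allows or denies and whether it is inherited.

```powershell
# Added example: Find-FolderAce is a hypothetical helper, not the author's code.
# Usage: Find-FolderAce -UserName Administrator | Format-Table -AutoSize
function Find-FolderAce {
    param(
        [Parameter(Mandatory=$true)] [string] $UserName,
        [string] $Path = '.'
    )

    # Resolve the account name to a SID once, the same way the one-liner does
    $sid = (New-Object System.Security.Principal.NTAccount($UserName)).Translate([System.Security.Principal.SecurityIdentifier]).Value

    Get-ChildItem -Path $Path -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer } |
        ForEach-Object {
            $item = $_
            try {
                $acl = $item | Get-Acl -ErrorAction Stop
            } catch {
                # Report folders whose ACL cannot be read instead of hiding them
                Write-Warning "Cannot read ACL: $($item.FullName)"
                return
            }

            # Explicit and inherited rules, with every identity returned as a SID
            # so well-known accounts are not hidden behind SDDL abbreviations
            $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

            foreach ($rule in $rules) {
                # Exact comparison: no substring hits, no owner or group matches
                if ($rule.IdentityReference.Value -eq $sid) {
                    New-Object PSObject -Property @{
                        Path      = $item.FullName
                        Type      = $rule.AccessControlType   # Allow or Deny
                        Rights    = $rule.FileSystemRights
                        Inherited = $rule.IsInherited
                    }
                }
            }
        }
}
```

Like the one-liner, this only finds entries made out directly to the account; access granted through group membership is not reported.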

Retrieving a user’s SID (Security Identifier) using PowerShell

This one-liner will retrieve a user’s Security Identifier (SID) using PowerShell. Because it is a long line, you can use ‘View source’ when hovering over the code to see it in full.

It has been tested on Windows 7 64-bit but should work on all versions of Windows compatible with PowerShell and .NET.

There are three versions listed. The first will prompt you for the user name, the second has the user name hard-coded into the line and the third is a function you can add to your PowerShell profile.

Prompt

  • To get this into PowerShell, triple-click the line, copy it to the clipboard then right-click inside your PowerShell window to paste and run it.
  • Enter the user name of the account you require the SID of.
    • The user name is not case-sensitive.
# Ask for a user name and get their SID
(New-Object System.Security.Principal.NTAccount(Read-Host "User name?")).Translate([System.Security.Principal.SecurityIdentifier]).Value

Hard-Coded

You can hard-code the user name.

  • To get this into PowerShell, triple-click the line, copy it to the clipboard then right-click inside your PowerShell window to paste and run it.
  • Change USERNAME to the user name of the account you require the SID of.
    • The user name is not case-sensitive.
# Get the SID of a specific user
(New-Object System.Security.Principal.NTAccount("USERNAME")).Translate([System.Security.Principal.SecurityIdentifier]).Value

Profile Function

You can add a Get-SID cmdlet to your PowerShell environment.

When this is done, the cmdlet Get-SID will be available. You can then type Get-SID followed by a user name to retrieve their SID, for example, Get-SID Administrator.

The syntax is Get-SID [-UserName] <string>.

  • Edit and / or create your PowerShell profile script and add the function below.
    • The location of the profile is (in PowerShell) $profile. If it does not exist, you will need to create the folder it is in before editing it using the command notepad $profile.
  • Close PowerShell and open it again. The cmdlet Get-SID is now available.
Function Get-SID
         ([Parameter(Mandatory=$true)] [string] $UserName)
{
  (New-Object System.Security.Principal.NTAccount($UserName)).Translate([System.Security.Principal.SecurityIdentifier]).Value
}

Slimm GBPVR 1.7.3245.23786 released

GB-PVR

To install:

For all details regarding current version, please see documentation which is installed alongside the utility and is available in the GBPVR start menu group.

 

This release:

Tray Features

  • Registry setting DeleteComskipFiles removed and replaced with DeleteExtensionsAfterPlayback. This contains a list of extensions that will be recycled by SlimmGBPVR after playback of a file has finished. For example, given the extensions ".log;.fif" and a recording filename of "C:\recording.mpg", SlimmGBPVR will attempt to recycle "C:\recording.log", "C:\recording.fif", "C:\recording.mpg.log" and "C:\recording.mpg.fif".
  • Added ability to sort lists of recordings. It is used to reorder the items in the reoccurring menu.
  • SlimmGBPVR now supports gif, png and jpg ChannelLogos. Requested by b00sfuk.

GBPVRcli Features

  • /orderby switch added. Requested by liteswap.
  • /playing switch added. Requested by liteswap. Note: this information actually reports which completed recordings have their files locked. A file is locked when it is being played but it will also be locked when transcoding is taking place or Windows is creating a thumbnail, for example, so it may not always produce the expected result.

 

Support:

You can post support queries on the Slimm GB-PVR forum hosted at GB-PVR.com.

 

Donations:

Donations gratefully accepted. Click the button to send me £1 or more. Thanks.

Slimm GBPVR 1.7.3071.20981 released

GB-PVR

To install:

For all details regarding current version, please see documentation which is installed alongside the utility and is available in the GBPVR start menu group.

This release:

Features

  • Configuration form hides option to launch GBPVR.exe if the file does not exist.
  • Slimm GBPVR will always launch PVRX2 if GBPVR.exe does not exist.
  • Added ProcessPriorityOfGBPVR to Registry settings.
  • Tray Configuration Startup understands new and old shortcut for GB-PVR Tray.

Bug Fixes

  • Deleting a recording that still exists on the menu but doesn’t exist on the disk no longer results in a Directory Not Found exception.
  • Turn Off and Restart operations now cancelled if GB-PVR is recording.

Support:

You can post support queries on the Slimm GB-PVR forum hosted at GB-PVR.com.

Donations:

Donations gratefully accepted. Click the button to send me £1. Thanks.

Slimm GBPVR 1.7.3058.20146 released

GB-PVR

To install:

For all details regarding current version, please see documentation which is installed alongside the utility and is available in the GBPVR start menu group.

This release:

Features

  • Standby now intercepted and cancelled during recordings. Slimm GBPVR will standby after the recording session finishes.

Support:

You can post support queries on the Slimm GB-PVR forum hosted at GB-PVR.com.

Donations:

Donations gratefully accepted. Click the button to send me £1. Thanks.

Slimm GB-PVR version 1.6.2830.18691 released

GB-PVR

To install:

For all details regarding current version, please see documentation which is installed alongside the utility and is available in the GBPVR start menu group.

 

This release:

GBPVRcli Features

  • Tokens {MinutesToStart} and {MinutesToStartWithPadding} added. Requested by pvruser.

Slimm GBPVR Features

  • Added ProcessPriorityOfPlayedRecording to registry settings.
  • The About menu item now contains live tuner status that is updated every couple of seconds. About is also now displayed when requesting Tuner Status from the Tools menu. Requested by deusxmachina.

 

Support:

You can post support queries on the Slimm GB-PVR forum hosted at GB-PVR.com.

 

Donations:

Donations gratefully accepted. Click the button to send me £1 (or more!). Thanks.

Slimm GB-PVR version 1.6.2802.20754 released

GB-PVR

To install:

For all details regarding current version, please see documentation which is installed alongside the utility and is available in the GBPVR start menu group.

This release:

Features

  • Red conflict icon added to Conflicts menu to aid understanding of system tray icon when it turns red.
  • Icons help page added to detail specifically what each of the tray utility’s icon displays means.
  • Command-line arguments for GBPVR.exe and PVRX2.exe now implemented.

Support:

You can post support queries on the Slimm GB-PVR forum hosted at GB-PVR.com.

Donations:

Donations gratefully accepted. Click the button to send me £1. Thanks.