github twitter linkedin
Get those ACLs with PowerShell
21 Apr 2011
One minute read

If I want to view the access permissions to a particular directory in Windows I can always go to the folder itself and check the security properties on the folder:

But that is boring, lets use PowerShell!!!

The cmdlet (commandlet) of choice for this is going to be: Get-Acl

I will let you dive into this command and try to figure it out, but this is the one-liner I use most often that gives me the information I want to know about the SQL Server directory:

$a = (Get-Acl -Path 'D:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL')
$a.Access | Select-Object FileSystemRights, AccessControlType, IdentityReference, IsInherited | ft -auto

Here is a screenshot of the output:

Now that is for a folder, what if I wanted to do it for a Registry hive as well? It works the same way with the exception of two things: (1) Your “Path” is changed to the registry hive of choice (HKLM, HKCU, etc) and (2) the “Select-Object” portion. Instead of “FileSystemRights” you would change that to “RegistryRights”, like so:

$a = (Get-Acl -Path 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server')
$a.Access | Select-Object RegistryRights, AccessControlType, IdentityReference, IsInherited | ft -auto

Here is screenshot of the output:

Back to posts