Get the Access Control List (permissions) for a file or registry key.
Syntax
Get-Acl [[-Path] path [] ] [-Filter String]
[-Include String] [-Exclude String]
[-Audit []] [-UseTransaction] [CommonParameters]
Key
-Path path The path to the item {may be piped}
-Filter String Filter elements as required and supported by providers
-Include String Item(s) upon which Get-acl will act, wildcards are permitted
-Exclude String Item(s) upon which Get-acl is not to act
-Audit Retrieve audit data for this item from the System ACL
-UseTransaction Include the command in the active transaction.
Get ACL information for the Windows directory:
PS C:\> Get-Acl C:\windows
Copy all the ACL information from the C:\source\ folder onto D:\teams\dest\
Get-ACL C:\source | Set-Acl D:\teams\dest
Get ACL information for C:\Windows expanding the individual ACEs (access control entries)
PS C:\> $mywin = Get-Acl -path "c:\windows" | Select-Object -expand access
PS C:\> $mywin[0]
Get ACL information for all of the .log files in the Windows directory beginning with k.
Display output as a table showing the Path and the owner of each file:
PS C:\> Get-Acl C:\Windows\k*.log | Format-Table Path,owner
Retrieve HKLM\SYSTEM\CurrentControlSet\Control from the registry:
PS C:\> Get-Acl -path hklm:\system\currentcontrolset\control | format-list
Find the owner (creator) of a DNS record [more detailed ownership report here]:
PS C:\> (Get-Acl 'AD:\DC=MyFavoriteDNSRecord,DC=windevcluster.contoso.com').Owner
“It’s easier to ask forgiveness than it is to get permission” ~ Rear Admiral Grace Hopper
Set-Acl - Set permissions.
NTFS Security Module - Get/Set ACLs, inheritance, ownership and other permissions missing from Get/Set-Acl [Raimund Andrée MSFT].