Get the Access Control List (permissions) for a file or registry key.
Syntax
get-acl [[-Path] path [] ] [-Filter String]
[-Include String] [-Exclude String]
[-Audit []] [-UseTransaction] [CommonParameters]
Key
-Path path The path to the item {may be piped}
-Filter String Filter elements as required and supported by providers
-Include String Item(s) upon which Get-acl will act, wildcards are permitted
-Exclude String Item(s) upon which Get-acl is not to act
-Audit Retrieve audit data for this item from the System ACL
-UseTransaction Include the command in the active transaction.
CommonParameters:
-Verbose, -Debug, -ErrorAction, -ErrorVariable, -WarningAction, -WarningVariable,
-OutBuffer -OutVariable.
Examples
Get ACL information for the Windows directory:
PS C:\> get-acl C:\windows
Get ACL information for C:\Windows expanding the individual ACEs (access control entries)
PS C:\> $mywin = get-acl -path "c:\windows" | select -expand access
PS C:\> $mywin[0]
Get ACL information for all of the .log files in the Windows directory beginning with k.
Display output as a table showing the Path and the owner of each file:
PS C:\> get-acl C:\Windows\k*.log | format-table Path,owner
Retrieve HKLM\SYSTEM\CurrentControlSet\Control from the registry:
PS C:\> get-acl -path hklm:\system\currentcontrolset\control | format-list
“It's easier to ask forgiveness than it is to get permission” ~ Rear Admiral Grace Hopper
Related PowerShell Cmdlets:
set-acl - Set permissions.
NTFS Security Module - Raimund Andrée MSFT.