PowerShell - Get-ACL not returning all permissions

0
votes


I tried to read out permissions from various folders with the Get-ACL cmdlet.
It works well and I can see the authorized users with Get-ACL $path | %{$_.Access}. But I noticed that some permissions are missing.
If I go into any folders properties > Security (Tab) > Advanced I am able to see the respective permissions and to what they apply to.
Some permissions are set to apply to nothing and those are not shown by Get-ACL.

This leads me to my question:
Is there any way to read out the Applies to field of an acl?
I tried using the .NET function [System.IO.Directory]::GetAccessControl() but it didn't provide this information.

Any help or hint is highly appreciated!

EDIT:

To clarify the issue I took some screenshots:

This shows the permission that is set to apply to "nothing".
It seems as if this is an error, since I am not able to select "nothing" for any other permission entry.

Permission that applies to nothing

And this is the acl as returned via Powershell ("OWNER RIGHTS" is missing):

The "nothing" permission does not show

1
powershellacl

1 Answers

0
votes

Applies to "nothing" is not a valid value AFAIK, so here we need proof.

The Applies to field is a combination of InheritanceFlags and PropagationFlags, and the value "None" in both of those equals Applies to this folder only. Those will show with Get-ACL.

PS C:\Users\frode> (Get-Acl .\Desktop\test).Access

#Applies to: Subfolder and files only
FileSystemRights  : ReadAndExecute, Synchronize
AccessControlType : Allow
IdentityReference : frode-pc\frode
IsInherited       : False
InheritanceFlags  : ContainerInherit, ObjectInherit
PropagationFlags  : InheritOnly

#Applies to: This folder only
FileSystemRights  : ReadAndExecute, Synchronize
AccessControlType : Allow
IdentityReference : frode-pc\frodetest
IsInherited       : False
InheritanceFlags  : None