Solved: Re: Reading ACLs and DACLs through powershell

Prudhviraj17 · ‎2022-07-09

Trying to read the Security group information of CIFS shares via PowerShell but it is not showing full information in the o/p.

PS C:\WINDOWS\system32> Get-NcFileDirectorySecurity -Path /test

NcController : 10.147.134.59
SecurityStyle : ntfs
EffectiveStyle : ntfs
DosAttributes : 16
DosAttributesText : ----D---
DosAttributesExpanded :
UnixUserId : 0
UnixGroupId : 0
UnixModeBits : 777
Acls : {NTFS Security Descriptor, Control:0x9504, Owner:\xxxxadmin, Group:BUILTIN\Administrators...}
Inode : 64
Path : /test

This is the o/p i am getting from powershell . Please help me how to get full information.

This is what I see from the manual command.

cluster01:> vserver security file-directory show -vserver xxxx -path /test

Vserver:xxxx
File Path: /test
File Inode Number: 64
Security Style: ntfs
Effective Style: ntfs
DOS Attributes: 10
DOS Attributes in Text: ----D---
Expanded Dos Attributes: -
UNIX User Id: 0
UNIX Group Id: 0
UNIX Mode Bits: 777
UNIX Mode Bits in Text: rwxrwxrwx
ACLs: NTFS Security Descriptor
Control:0x9504
Owner:ADS\xxxx
Group:BUILTIN\Administrators
DACL - ACEs
ALLOW-S-1-5-21-1935655697-515967899-682003330-165437-0x1f01ff-OI|CI
ALLOW-ADS\xxx-0x1f01ff-OI|CI
ALLOW-ADS\yyyyy-0x1f01ff-OI|CI
ALLOW-ADS\zzzz-0x1f01ff-OI|CI
ALLOW-ADS\Domain Users-0x1200a9-OI|CI

hmoubara · ‎2022-07-12

Hello @Prudhviraj17

You should be able to change the value for FormatEnumerationLimit; the default is 4.

Increase this value to something large enough to show more items. You may also change the value to -1 and be sure that it will output all entries in your collection from the very start.

PS C:\Users\Administrator.DEMO> $FormatEnumerationLimit
4
PS C:\Users\Administrator.DEMO> $FormatEnumerationLimit = -1

PS C:\Users\Administrator.DEMO>

Before:

PS C:\Users\Administrator.DEMO> Get-NcFileDirectorySecurity -path /vol1 -VserverContext vserver

NcController : x.x.x.x
SecurityStyle : ntfs
EffectiveStyle : ntfs
DosAttributes : 16
DosAttributesText : ----D---
DosAttributesExpanded :
UnixUserId : 0
UnixGroupId : 0
UnixModeBits : 777
Acls : {NTFS Security Descriptor, Control:0x8004, Owner:BUILTIN\Administrators, Group:BUILTIN\Administrators...}
Inode : 64
Path : /vol1

After:

PS C:\Users\Administrator.DEMO> Get-NcFileDirectorySecurity -path /vol1 -VserverContext vserver

NcController : x.x.x.x
SecurityStyle : ntfs
EffectiveStyle : ntfs
DosAttributes : 16
DosAttributesText : ----D---
DosAttributesExpanded :
UnixUserId : 0
UnixGroupId : 0
UnixModeBits : 777
Acls : {NTFS Security Descriptor, Control:0x8004, Owner:BUILTIN\Administrators, Group:BUILTIN\Administrators, DACL - ACEs, ALLOW-Everyone-0x1f01ff, ALLOW-Everyone-0x10000000-OI|CI|IO}
Inode : 64
Path : /vol1

Hope this answer your question.

Thanks

View solution in original post

hmoubara · ‎2022-07-12

Hello @Prudhviraj17

You should be able to change the value for FormatEnumerationLimit; the default is 4.

Increase this value to something large enough to show more items. You may also change the value to -1 and be sure that it will output all entries in your collection from the very start.

PS C:\Users\Administrator.DEMO> $FormatEnumerationLimit
4
PS C:\Users\Administrator.DEMO> $FormatEnumerationLimit = -1

PS C:\Users\Administrator.DEMO>

Before:

PS C:\Users\Administrator.DEMO> Get-NcFileDirectorySecurity -path /vol1 -VserverContext vserver

NcController : x.x.x.x
SecurityStyle : ntfs
EffectiveStyle : ntfs
DosAttributes : 16
DosAttributesText : ----D---
DosAttributesExpanded :
UnixUserId : 0
UnixGroupId : 0
UnixModeBits : 777
Acls : {NTFS Security Descriptor, Control:0x8004, Owner:BUILTIN\Administrators, Group:BUILTIN\Administrators...}
Inode : 64
Path : /vol1

After:

PS C:\Users\Administrator.DEMO> Get-NcFileDirectorySecurity -path /vol1 -VserverContext vserver

NcController : x.x.x.x
SecurityStyle : ntfs
EffectiveStyle : ntfs
DosAttributes : 16
DosAttributesText : ----D---
DosAttributesExpanded :
UnixUserId : 0
UnixGroupId : 0
UnixModeBits : 777
Acls : {NTFS Security Descriptor, Control:0x8004, Owner:BUILTIN\Administrators, Group:BUILTIN\Administrators, DACL - ACEs, ALLOW-Everyone-0x1f01ff, ALLOW-Everyone-0x10000000-OI|CI|IO}
Inode : 64
Path : /vol1

Hope this answer your question.

Thanks

Prudhviraj17 · ‎2022-07-12

Thanks @hmoubara . It worked.

Reading ACLs and DACLs through powershell

Get ready to power on