raandree / NTFSSecurity

Managing permissions with PowerShell is only a bit easier than in VBS or the command line as there are no cmdlets for most day-to-day tasks like getting a permission report or adding permission to an item. PowerShell only offers Get-Acl and Set-Acl but everything in between getting and setting the ACL is missing. This module closes the gap.
MIT License

Get-NTFSAccess does not interpret $env:SystemDrive correctly. #44

Closed jasonpatrickellykrause closed 1 year ago

jasonpatrickellykrause commented 5 years ago

Executing Get-NTFSAccess against $env:SystemDrive (or C:) returns access for System32 directory. Adding a backslash to either seems to work fine.

Doesn't work

PS C:\> $env:SystemDrive
C:

PS C:\> Get-NTFSAccess -Path "$env:SystemDrive"

    Path: C:\Windows\system32 (Inheritance disabled)

Works

PS C:\> Get-NTFSAccess -Path "$env:SystemDrive\"

jasonpatrickellykrause commented 5 years ago

To be fair, this seems to be common across PowerShell now that I look at other modules. 😳

Maybe I'll leave this here to help someone else. - DenverCoder9

mwtrigg commented 5 years ago

Actually, without the trailing backslash, any cmdlet appears to interpret $env:SystemDrive as the current directory, not specifically C:\Windows\System32

Set-Location, Get-ChildItem, Get-Acl, etc.

raandree commented 5 years ago

I am not sure what this is about. I have just tested on my computer and both commands work as expected.

PS C:\> Get-NTFSAccess -Path "$env:SystemDrive"

    Path: C:\Users\randr (Inheritance disabled)

Account                             Access Rights  Applies to                Type           IsInherited   InheritedFrom
-------                             -------------  ----------                ----           -----------   -------------
NT AUTHORITY\SYSTEM                 FullControl    ThisFolderSubfoldersAn... Allow          False
BUILTIN\Administrators              FullControl    ThisFolderSubfoldersAn... Allow          False
RAANDREE1\randr                     FullControl    ThisFolderSubfoldersAn... Allow          False

PS C:\> Get-NTFSAccess -Path "$env:SystemDrive\"

    Path: C:\ (Inheritance enabled)

Account                             Access Rights  Applies to                Type           IsInherited   InheritedFrom
-------                             -------------  ----------                ----           -----------   -------------
Everyone                            Traverse, R... ThisFolderOnly            Allow          False
NT AUTHORITY\RESTRICTED             Traverse, R... ThisFolderOnly            Allow          False
NT AUTHORITY\SYSTEM                 FullControl    ThisFolderOnly            Allow          False
BUILTIN\Administrators              FullControl    ThisFolderOnly            Allow          False

Am I doing something wrong? Using PowerShell 5.1 on Windows 10 1809.

mwtrigg commented 5 years ago

Did you not notice that you received different results with and without the slash? While I would say this issue could be closed as it relates to this module, and I would say that this module reports data in a manner consistent with native PowerShell modules, I would hardly say that this behavior is expected.

In any event, this is not really an issue with the NTFSSecurity module; it is an issue that should be opened with Microsoft.

PS C:\>  Get-Location

Path
----
C:\Program Files

PS C:\> Get-Acl $Env:SystemDrive

    Directory: C:\

Path          Owner                       Access
----          -----                       ------
Program Files NT SERVICE\TrustedInstaller CREATOR OWNER Allow  268435456...

PS C:\> Get-Acl $Env:SystemDrive\

    Directory:

Path Owner                       Access
---- -----                       ------
C:\  NT SERVICE\TrustedInstaller NT AUTHORITY\Authenticated Users Allow  AppendData...

PS C:\> Get-Acl -Path C:

    Directory: C:\

Path          Owner                       Access
----          -----                       ------
Program Files NT SERVICE\TrustedInstaller CREATOR OWNER Allow  268435456...

PS C:\> Get-Acl -Path C:\

    Directory:

Path Owner                       Access
---- -----                       ------
C:\  NT SERVICE\TrustedInstaller NT AUTHORITY\Authenticated Users Allow  AppendData...

Sup3rlativ3 commented 4 years ago

Just in case anyone was looking for a workaround, you can use the below to get the expected result.

PS C:\> Get-NTFSAccess -Path ($env:SystemDrive +  '\')

    Path: C:\ (Inheritance enabled)

Account                             Access Rights  Applies to                Type           IsInherited   InheritedFrom
-------                             -------------  ----------                ----           -----------   -------------
Everyone                            Traverse, R... ThisFolderOnly            Allow          False
NT AUTHORITY\RESTRICTED             Traverse, R... ThisFolderOnly            Allow          False
NT AUTHORITY\SYSTEM                 FullControl    ThisFolderOnly            Allow          False
BUILTIN\Administrators              FullControl    ThisFolderOnly            Allow          False
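
The behaviour discussed in this thread, generalised as an added example (not part of the original thread and not code from the NTFSSecurity module): a guard that normalises a bare drive such as `C:` to its root and rejects other drive-relative paths before an ACL is read, so a permission report names the object that was actually inspected. `Resolve-AclTarget` is a hypothetical helper name; `Resolve-Path` and `Get-Acl` are the built-in cmdlets.

```powershell
# Added example: normalise drive-relative paths before an ACL read.
# Resolve-AclTarget is a hypothetical helper, not part of NTFSSecurity.
function Resolve-AclTarget {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Path
    )
    process {
        $wasDriveRelative = $false

        if ($Path -match '^[A-Za-z]:$') {
            # Bare drive ("C:") means "current directory on C:". An audit of
            # the drive almost always means the root, so append the backslash.
            $wasDriveRelative = $true
            $target = $Path + '\'
        }
        elseif ($Path -match '^[A-Za-z]:[^\\/]') {
            # "C:Temp" is also relative to the current directory on C:.
            # Refuse to guess; make the caller pass a rooted path.
            throw "Drive-relative path '$Path' is ambiguous; pass a rooted path."
        }
        else {
            $target = $Path
        }

        # Resolve to the provider path so the report records the object
        # that was actually read, not the string that was typed.
        $resolved = (Resolve-Path -LiteralPath $target).ProviderPath

        [pscustomobject]@{
            Requested        = $Path
            Resolved         = $resolved
            WasDriveRelative = $wasDriveRelative
        }
    }
}

# Constructed scenario: the current location is not the drive root.
Set-Location -Path $env:windir
$t   = Resolve-AclTarget -Path $env:SystemDrive
$acl = Get-Acl -LiteralPath $t.Resolved
'{0} -> {1} (owner: {2})' -f $t.Requested, $t.Resolved, $acl.Owner
```

Logging both `Requested` and `Resolved` in an audit script makes a silently redirected ACL read visible in the report itself.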