raandree / NTFSSecurity

Managing permissions with PowerShell is only a bit easier than in VBS or the command line as there are no cmdlets for most day-to-day tasks like getting a permission report or adding permission to an item. PowerShell only offers Get-Acl and Set-Acl but everything in between getting and setting the ACL is missing. This module closes the gap.
MIT License

Get-NTFSAccess does not actually contain Initial output #49

Open TheFitITGuy opened 5 years ago

TheFitITGuy commented 5 years ago

When trying to access the array of information from the output, it shows that "Access Rights" and "Applies to" are not actually available but only for view. Upon further investigation I found that "Access Rights" is actually "AccessRights", but "Applies to" is not actually within the output, which makes trying to use the information to correct NTFS problems an issue.


mwtrigg commented 5 years ago

"Applies to" is just a simpler representation of "InheritanceFlags" and "PropagationFlags", so while you can't directly filter on the "Applies to" computed value, you can filter on the appropriate combination of the flags. A breakdown of how these flags work together to create the several options can be found here:

https://stackoverflow.com/questions/3282656/setting-inheritance-and-propagation-flags-with-set-acl-and-powershell#8390274

Admittedly, it would be nice if the simplified/computed value was available to filter, but that sounds more like a feature request than a bug or issue.

TheFitITGuy commented 5 years ago

Agreed. It's a nice-to-have, but it is available in Set-NTFSAccess. I just thought I would point it out.

raandree commented 5 years ago

Thanks @mwtrigg for your input which is all correct.

There is a method that helps with the conversion. This code can also be used in a Where-Object filter.

$pf = [System.Security.AccessControl.PropagationFlags]::None
$if = [System.Security.AccessControl.InheritanceFlags]::None

[Security2.FileSystemSecurity2]::ConvertToFileSystemFlags([Security2.ApplyTo]::SubfoldersAndFilesOnlyOneLevel, [ref]$if, [ref]$pf)

$if
$pf
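
The flag-based filtering discussed in this thread, as an added example that is not code from the thread or from the NTFSSecurity module: it derives an "applies to" label from the InheritanceFlags and PropagationFlags properties and filters on it. `Get-AppliesToLabel`, its label strings and the sample ACE objects are constructed for illustration; real input would come from Get-NTFSAccess.

```powershell
# Added example. Get-AppliesToLabel and its label strings are hypothetical,
# not part of NTFSSecurity; they only name the standard flag combinations.
function Get-AppliesToLabel {
    param(
        [System.Security.AccessControl.InheritanceFlags]$InheritanceFlags,
        [System.Security.AccessControl.PropagationFlags]$PropagationFlags
    )
    $ifType = [System.Security.AccessControl.InheritanceFlags]
    $pfType = [System.Security.AccessControl.PropagationFlags]
    $ci = $InheritanceFlags.HasFlag($ifType::ContainerInherit)
    $oi = $InheritanceFlags.HasFlag($ifType::ObjectInherit)
    $io = $PropagationFlags.HasFlag($pfType::InheritOnly)
    $np = $PropagationFlags.HasFlag($pfType::NoPropagateInherit)

    # Without an inheritance flag the ACE never leaves the folder itself.
    if (-not ($ci -or $oi)) { return 'ThisFolder' }

    $targets = @()
    if (-not $io) { $targets += 'ThisFolder' }   # InheritOnly skips the folder itself
    if ($ci)      { $targets += 'Subfolders' }
    if ($oi)      { $targets += 'Files' }
    $label = $targets -join '+'
    if ($np) { $label += ' (one level)' }        # NoPropagateInherit stops at direct children
    $label
}

# Constructed sample ACEs carrying the property names mentioned in the thread.
$aces = @(
    [pscustomobject]@{ Account = 'EXAMPLE\Helpdesk'; AccessRights = 'Modify'
        InheritanceFlags = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
        PropagationFlags = [System.Security.AccessControl.PropagationFlags]'None' }
    [pscustomobject]@{ Account = 'EXAMPLE\Auditors'; AccessRights = 'Read'
        InheritanceFlags = [System.Security.AccessControl.InheritanceFlags]'None'
        PropagationFlags = [System.Security.AccessControl.PropagationFlags]'None' }
    [pscustomobject]@{ Account = 'EXAMPLE\Scanner'; AccessRights = 'Write'
        InheritanceFlags = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
        PropagationFlags = [System.Security.AccessControl.PropagationFlags]'InheritOnly, NoPropagateInherit' }
)

# Permission report: keep only ACEs that reach child objects.
$aces |
    Select-Object Account, AccessRights, @{ Name = 'AppliesTo'; Expression = {
        Get-AppliesToLabel -InheritanceFlags $_.InheritanceFlags -PropagationFlags $_.PropagationFlags } } |
    Where-Object AppliesTo -ne 'ThisFolder'
```

With the module loaded, the output of Get-NTFSAccess can be piped into the same Select-Object and Where-Object stages in place of `$aces`.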