The Get-Acl cmdlet in PowerShell’s Security module (Microsoft.PowerShell.Security) does a great job of getting file or folder permissions (aka the Access Control List or ACL). But getting useful info from the default output can take some getting used to.

Instead, it’d be great to simply be able to see what the Security tab of a file, folder or other resource displays, but without having to go through the File Explorer UI and multiple clicks.

Security tab of folder properties in Windows
Figure 1: Security tab of a folder in Windows Explorer

One-liner: Get file or folder permissions

Here’s a one-liner to do exactly that:

(get-acl <folder name>).access | ft IdentityReference,FileSystemRights,AccessControlType,IsInherited,InheritanceFlags -auto

The output:
PowerShell Output of Get-Acl

The Get-Permissions function

Want to make the output more readable? Here’s a PowerShell function that uses custom labels (titles in each column of the table).

You can either save it as a PowerShell script or add it to your PowerShell profile so it’s always available.

  function Get-Permissions ($folder) {
  (get-acl $folder).access | select `
		@{Label="Identity";Expression={$_.IdentityReference}}, `
		@{Label="Right";Expression={$_.FileSystemRights}}, `
		@{Label="Access";Expression={$_.AccessControlType}}, `
		@{Label="Inherited";Expression={$_.IsInherited}}, `
		@{Label="Inheritance Flags";Expression={$_.InheritanceFlags}}, `
		@{Label="Propagation Flags";Expression={$_.PropagationFlags}} | ft -auto

You can omit the two inheritance-related properties if you don’t need that information.

Now you can use Get-Permissions with the folder name:

Get-Permissions c:\myfolder

The output:
Screenshot: Output of Get-Permissions function

You can also pipe output from the dir, ls or gci commands, all of which are PowerShell aliases for the Get-ChildItem cmdlet.

dir <path> | % {Get-Permissions -path $_.fullname}

A function to open file or folder Properties in Explorer

If you really like to see the permissions in the File Explorer GUI, you can use this function to open the Properties > General page of the file or folder. (I haven’t found a way to directly open the Security tab. If you know how to do this, please share in the post comments.).

function Get-Properties ($path) {
	#exit if path not found
	if (-not ($path | Test-Path)) {
        Write-Host "$path not found. Please specify a valid file or folder path." -foregroundcolor red
        return }
	$o = new-object -com Shell.Application
	$item = get-item $path
	if ($item.gettype() -eq [System.IO.DirectoryInfo]) {
		write-host "Found folder $path... Getting properties"	
		$fso = $o.Namespace("$path")
	if ($item.gettype() -eq [System.IO.FileInfo])
		{write-host "Found file $path... Getting properties"		
		$fso = $o.Namespace($item.directoryname)
		$file = $fso.parsename($item.pschildname)

Now just use Get-Properties <Folder of file name> to quickly open the file or folder’s properties page from the shell.

Screenshot: File or folder Properties > General tab
Figure 2: Use the Get-Properties function to quickly open a file or folder’s Properties from PowerShell

File System Security PowerShell Module

Microsoft PFE Raimund Andrée published the File System Security PowerShell Module a while ago. It adds some useful cmdlets to manage file system permissions using PowerShell. Also checkout his corresponding blog posts Weekend Scripter: Use PowerShell to Get, Add, and Remove NTFS Permissions and NTFSSecurity Tutorial 2 – Managing NTFS Inheritance and Using Privileges.


eDiscovery transition in Office 365: Exchange Online eDiscovery transition delayed

Microsoft’s planned transition of eDiscovery features in SharePoint Online and Exchange Online to the Security and Compliance Center (SCC), a new, unified security and compliance console has been delayed. Figure 1 eDiscovery in Office 365 Security and Compliance Center Microsoft had earlier announced that the transition would take place on July 1, 2017. You would […]

More →

eDiscovery transition in Office 365: What you need to know

On July 1, 2017, Microsoft will transition the workload-specific eDiscovery features – In-Place eDiscovery and In-Place Hold in Exchange Online and the eDiscovery Center in SharePoint Online, to the Security and Compliance Center, a new, unified security and compliance console. The documentation for these features was updated a long time ago to reflect these upcoming […]

More →

Windows Server 2012 support lifecycle extended

Microsoft has extended product support lifecycle for Windows Server 2012 to align with the standard product lifecycle support timeline. Mainstream Support for Windows Server 2012 now ends on Oct. 9th, 2018. The new end of Extended Support date is Oct. 10th, 2023. Both can be found here. Microsoft Product Lifecycle Microsoft product lifecycle dictates how […]

More →

Dealing with WordPress’ Unauthenticated Privilege Escalation Vulnerability in a REST API Endpoint

On Thursday, released WordPress 4.7.2, fixing the following four vulnerabilities. The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. Reported by David Herrera of Alley Interactive. WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is […]

More →

Enable remote desktop (RDP) connections for admins on Windows Server 2016

Windows Server 2016 has reached the General Availability (GA) milestone today. You can download it from your volume licensing site or MSDN. You can also create Azure VMs with Windows 2016. The latest and greatest Windows Server has many new Remote Desktop features. See What’s New in Remote Desktop Services in Windows Server 2016 for […]

More →

BleachBit’s claim of permanently deleting emails from Exchange

In a recent news segment featuring BleachBit, Fox Business questioned whether Democratic presidential nominee Hillary Clinton may have used the software to permanently delete emails from her mail server. The segment features BleachBit lead developer Andrew Viem. Politics and click bait headlines aside, readers will find the claims interesting. How to delete secret emails from […]

More →

Google adds Microsoft Exchange support to Gmail app for Android

Google has announced Microsoft Exchange support in its Gmail client for Android. Exchange ActiveSync (EAS) is the ubiquitous protocol for mobile email clients to sync with Exchange Server, Office 365, and other products/services that license it. EAS support in the Gmail client now allows it to access both Exchange Server and Exchange Online, the on-premises […]

More →

Use a PowerShell function to find an email address in Exchange

Exchange admins frequently need to find an Exchange recipient with a specified email address, particularly for generic organizational addresses such as [email protected] Five and a half ways to find an email address in Microsoft Exchange and Active Directory lists a few ways to do it, including PowerShell. If you do this frequently, you can add […]

More →

Use a PowerShell function to get AutoDiscover XML

If you manage Exchange or support Exchange Online users, you may need to retrieve the AutoDiscover XML response. You can use the Test E-mail AutoConfiguration option in Outlook or the AutoDiscover tests in Microsoft Remote Connectivity Analyzer to retrieve the AutoDiscover response. The good news is you can also use a PowerShell one-liner or function […]

More →