This is the built-in help made by Microsoft for the command 'Get-Acl', in PowerShell version 3 - as retrieved from
Windows version 'Microsoft Windows Server 2012 Standard' PowerShell help files on 2016-06-23.
For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.
Gets the security descriptor for a resource, such as a file or registry key.
Get-Acl [[-Path] <String[]>] [-AllCentralAccessPolicies [<SwitchParameter>]] [-Audit [<SwitchParameter>]] [-Exclude <String[]>] [-Filter
<String>] [-Include <String[]>] [-UseTransaction [<SwitchParameter>]] [<CommonParameters>]
Get-Acl [-AllCentralAccessPolicies [<SwitchParameter>]] [-Audit [<SwitchParameter>]] [-Exclude <String[]>] [-Filter <String>] [-Include
<String[]>] -InputObject <PSObject> [-UseTransaction [<SwitchParameter>]] [<CommonParameters>]
Get-Acl [-AllCentralAccessPolicies [<SwitchParameter>]] [-Audit [<SwitchParameter>]] [-Exclude <String[]>] [-Filter <String>] [-Include
<String[]>] [-LiteralPath <String[]>] [-UseTransaction [<SwitchParameter>]] [<CommonParameters>]
The Get-Acl cmdlet gets objects that represent the security descriptor of a file or resource. The security descriptor contains the access
control lists (ACLs) of the resource. The ACL specifies the permissions that users and user groups have to access the resource.
Beginning in Windows PowerShell 3.0, you can use the InputObject parameter of Get-Acl to get the security descriptor of objects that do not
have a path.
<
Online Version: http://go.microsoft.com/fwlink/?LinkID=113305
Set-Acl
<
-------------------------- EXAMPLE 1 --------------------------
PS C:\> Get-Acl C:\Windows
This command gets the security descriptor of the C:Windows directory.
-------------------------- EXAMPLE 2 --------------------------
PS C:\> Get-Acl C:\Windows\k*.log | Format-List -Property PSPath, Sddl
This command gets the Windows PowerShell path and SDDL for all of the .log files in the C:\Windows directory whose names begin with "k."
The command uses the Get-Acl cmdlet to get objects representing the security descriptors of each log file. It uses a pipeline operator (|) to
send the results to the Format-List cmdlet. The command uses the Property parameter of Format-List to display only the PsPath and SDDL
properties of each security descriptor object.
Lists are often used in Windows PowerShell, because long values appear truncated in tables.
The SDDL values are valuable to system administrators, because they are simple text strings that contain all of the information in the
security descriptor. As such, they are easy to pass and store, and they can be parsed when needed.
-------------------------- EXAMPLE 3 --------------------------
PS C:\> Get-Acl C:/Windows/k*.log -Audit | Foreach-Object { $_.Audit.Count }
This command gets the security descriptors of the .log files in the C:\Windows directory whose names begin with "k." It uses the Audit
parameter to get the audit records from the SACL in the security descriptor. Then it uses theForEach-Object cmdlet to count the number of
audit records associated with each file. The result is a list of numbers representing the number of audit records for each log file.
-------------------------- EXAMPLE 4 --------------------------
PS C:\> Get-Acl -Path HKLM:\System\CurrentControlSet\Control | Format-List
This command uses the Get-Acl cmdlet to get the security descriptor of the Control subkey (HKLM\SYSTEM\CurrentControlSet\Control) of the
registry.
The Path parameter specifies the Control subkey. The pipeline operator (|) passes the security descriptor that Get-Acl gets to the Format-List
command, which formats the properties of the security descriptor as a list so that they are easy to read.
Example 5
PS C:\> Get-Acl -InputObject (Get-StorageSubsystem -Name S087)
This command uses the InputObject parameter of Get-Acl to get the security descriptor of a storage subsystem object.