Combining Get-ACL results into 1 object

Question

Please excuse my beginner level powershell. I want to be able to combine the results of different results of Get-ACL into one object that'll later be exported

At the very basic level all I want is to combine different results of different folders for code below:

$test = (get-acl $path).Access | select -ExpandProperty IdentityReference

This gives me a result of:

Value                                         
-----                                         
NT AUTHORITY\SYSTEM                           
BUILTIN\Administrators                        
Etc
Etc

I want an object that will be like some thing like this (plus more columns, about 4-5 total):


Folder1                      Folder2                                    
-----                        -------                           
NT AUTHORITY\SYSTEM          NT AUTHORITY\SYSTEM                  
BUILTIN\Administrators       BUILTIN\Administrators                 
Etc                          Etc
Etc                          Etc

I tried exploring building a custom object, but I couldn't find a way to list the objects values properly like my first results

$Custom = New-Object PSObject
$Custom | Add-Member -type NoteProperty -name Folder1 -value $test.value

Gives me:

Folder1                                                                        
-------                                                                        
{NT AUTHORITY\SYSTEM, BUILTIN\Administrators, etc, etc ...}

How can I handle this to give me a result like the first object and then in turn add more to the custom object?

Thanks in advance, Lou

Based on your description, I think what you need is simply a collection of objects. See my answer, let me know — VA systems engineer, Sep 15 '19 at 14:05

score 0 · Answer 1 · answered Sep 15 '19 at 02:56

Based on your description, I think what you need is simply a collection of objects, i.e., $aclObjectList

This script captures a collection where each object is the type of object returned by get-acl. I do this just so I can show you the path property of each object to demonstrate that each object is for one of the three folders involved

Then, the script loops through the array of get-acl objects and outputs the path and IdentityReference of each

If you want to export a single object, then export $aclObjectList

cls

#define and declare an array. A System.Collections.ArrayList can be big and is fast
$aclObjectList = New-Object System.Collections.ArrayList
$aclObjectList.clear()

$path = "C:\Temp\topFolder\Folder 1"
$aclObject  = (get-acl $path)
$aclObjectList.Add($aclObject) | Out-Null

$path = "C:\Temp\topFolder\Folder 2"
$aclObject  = (get-acl $path)
$aclObjectList.Add($aclObject) | Out-Null

$path = "C:\Temp\topFolder\Folder 3"
$aclObject  = (get-acl $path)
$aclObjectList.Add($aclObject) | Out-Null

foreach ($aclObject in $aclObjectList)
{
    write-host ($aclObject.Path)
    $aclAccessObject = $aclObject.Access | select -ExpandProperty IdentityReference

    foreach ($aclAccessItem in $aclAccessObject)
    {
        write-host ("item=" + $aclAccessItem.Value)
    }

    write-host
}

Output is:

Microsoft.PowerShell.Core\FileSystem::C:\Temp\topFolder\Folder 1
item=BUILTIN\Administrators
item=NT AUTHORITY\SYSTEM
item=BUILTIN\Users
item=NT AUTHORITY\Authenticated Users
item=NT AUTHORITY\Authenticated Users

Microsoft.PowerShell.Core\FileSystem::C:\Temp\topFolder\Folder 2
item=BUILTIN\Administrators
item=NT AUTHORITY\SYSTEM
item=BUILTIN\Users
item=NT AUTHORITY\Authenticated Users
item=NT AUTHORITY\Authenticated Users

Microsoft.PowerShell.Core\FileSystem::C:\Temp\topFolder\Folder 3
item=BUILTIN\Administrators
item=NT AUTHORITY\SYSTEM
item=BUILTIN\Users
item=NT AUTHORITY\Authenticated Users
item=NT AUTHORITY\Authenticated Users

By the way, the datatype of the object returned by get-acl is a System.Security.AccessControl.DirectorySecurity. You can see this by, e.g., piping one of the $aclObject variables to Get-Member:

$aclObject | Get-Member

TypeName: System.Security.AccessControl.DirectorySecurity

Name                            MemberType     Definition                                                                                                                                                   
----                            ----------     ----------                                                                                                                                                   
Access                          CodeProperty   System.Security.AccessControl.AuthorizationRuleCollection Access{get=GetAccess;}                                                                             
CentralAccessPolicyId           CodeProperty   System.Security.Principal.SecurityIdentifier CentralAccessPolicyId{get=GetCentralAccessPolicyId;}                                                            
CentralAccessPolicyName         CodeProperty   System.String CentralAccessPolicyName{get=GetCentralAccessPolicyName;}                                                                                       
Group                           CodeProperty   System.String Group{get=GetGroup;}                                                                                                                           
Owner                           CodeProperty   System.String Owner{get=GetOwner;}                                                                                                                           
Path                            CodeProperty   System.String Path{get=GetPath;}                                                                                                                             
Sddl                            CodeProperty   System.String Sddl{get=GetSddl;}                                                                                                                             
AccessRuleFactory               Method         System.Security.AccessControl.AccessRule AccessRuleFactory(System.Security.Principal.IdentityReference identityReference, int accessMask, bool isInherited...
AddAccessRule                   Method         void AddAccessRule(System.Security.AccessControl.FileSystemAccessRule rule)                                                                                  
AddAuditRule                    Method         void AddAuditRule(System.Security.AccessControl.FileSystemAuditRule rule)                                                                                    
AuditRuleFactory                Method         System.Security.AccessControl.AuditRule AuditRuleFactory(System.Security.Principal.IdentityReference identityReference, int accessMask, bool isInherited, ...
Equals                          Method         bool Equals(System.Object obj)                                                                                                                               
GetAccessRules                  Method         System.Security.AccessControl.AuthorizationRuleCollection GetAccessRules(bool includeExplicit, bool includeInherited, type targetType)                       
GetAuditRules                   Method         System.Security.AccessControl.AuthorizationRuleCollection GetAuditRules(bool includeExplicit, bool includeInherited, type targetType)                        
GetGroup                        Method         System.Security.Principal.IdentityReference GetGroup(type targetType)                                                                                        
GetHashCode                     Method         int GetHashCode()                                                                                                                                            
GetOwner                        Method         System.Security.Principal.IdentityReference GetOwner(type targetType)                                                                                        
GetSecurityDescriptorBinaryForm Method         byte[] GetSecurityDescriptorBinaryForm()                                                                                                                     
GetSecurityDescriptorSddlForm   Method         string GetSecurityDescriptorSddlForm(System.Security.AccessControl.AccessControlSections includeSections)                                                    
GetType                         Method         type GetType()                                                                                                                                               
ModifyAccessRule                Method         bool ModifyAccessRule(System.Security.AccessControl.AccessControlModification modification, System.Security.AccessControl.AccessRule rule, [ref] bool modi...
ModifyAuditRule                 Method         bool ModifyAuditRule(System.Security.AccessControl.AccessControlModification modification, System.Security.AccessControl.AuditRule rule, [ref] bool modified)
PurgeAccessRules                Method         void PurgeAccessRules(System.Security.Principal.IdentityReference identity)                                                                                  
PurgeAuditRules                 Method         void PurgeAuditRules(System.Security.Principal.IdentityReference identity)                                                                                   
RemoveAccessRule                Method         bool RemoveAccessRule(System.Security.AccessControl.FileSystemAccessRule rule)                                                                               
RemoveAccessRuleAll             Method         void RemoveAccessRuleAll(System.Security.AccessControl.FileSystemAccessRule rule)                                                                            
RemoveAccessRuleSpecific        Method         void RemoveAccessRuleSpecific(System.Security.AccessControl.FileSystemAccessRule rule)                                                                       
RemoveAuditRule                 Method         bool RemoveAuditRule(System.Security.AccessControl.FileSystemAuditRule rule)                                                                                 
RemoveAuditRuleAll              Method         void RemoveAuditRuleAll(System.Security.AccessControl.FileSystemAuditRule rule)                                                                              
RemoveAuditRuleSpecific         Method         void RemoveAuditRuleSpecific(System.Security.AccessControl.FileSystemAuditRule rule)                                                                         
ResetAccessRule                 Method         void ResetAccessRule(System.Security.AccessControl.FileSystemAccessRule rule)                                                                                
SetAccessRule                   Method         void SetAccessRule(System.Security.AccessControl.FileSystemAccessRule rule)                                                                                  
SetAccessRuleProtection         Method         void SetAccessRuleProtection(bool isProtected, bool preserveInheritance)                                                                                     
SetAuditRule                    Method         void SetAuditRule(System.Security.AccessControl.FileSystemAuditRule rule)                                                                                    
SetAuditRuleProtection          Method         void SetAuditRuleProtection(bool isProtected, bool preserveInheritance)                                                                                      
SetGroup                        Method         void SetGroup(System.Security.Principal.IdentityReference identity)                                                                                          
SetOwner                        Method         void SetOwner(System.Security.Principal.IdentityReference identity)                                                                                          
SetSecurityDescriptorBinaryForm Method         void SetSecurityDescriptorBinaryForm(byte[] binaryForm), void SetSecurityDescriptorBinaryForm(byte[] binaryForm, System.Security.AccessControl.AccessContr...
SetSecurityDescriptorSddlForm   Method         void SetSecurityDescriptorSddlForm(string sddlForm), void SetSecurityDescriptorSddlForm(string sddlForm, System.Security.AccessControl.AccessControlSectio...
ToString                        Method         string ToString()                                                                                                                                            
PSChildName                     NoteProperty   string PSChildName=Folder 1                                                                                                                                  
PSDrive                         NoteProperty   PSDriveInfo PSDrive=C                                                                                                                                        
PSParentPath                    NoteProperty   string PSParentPath=Microsoft.PowerShell.Core\FileSystem::C:\Temp\topFolder                                                                                  
PSPath                          NoteProperty   string PSPath=Microsoft.PowerShell.Core\FileSystem::C:\Temp\topFolder\Folder 1                                                                               
PSProvider                      NoteProperty   ProviderInfo PSProvider=Microsoft.PowerShell.Core\FileSystem                                                                                                 
AccessRightType                 Property       type AccessRightType {get;}                                                                                                                                  
AccessRuleType                  Property       type AccessRuleType {get;}                                                                                                                                   
AreAccessRulesCanonical         Property       bool AreAccessRulesCanonical {get;}                                                                                                                          
AreAccessRulesProtected         Property       bool AreAccessRulesProtected {get;}                                                                                                                          
AreAuditRulesCanonical          Property       bool AreAuditRulesCanonical {get;}                                                                                                                           
AreAuditRulesProtected          Property       bool AreAuditRulesProtected {get;}                                                                                                                           
AuditRuleType                   Property       type AuditRuleType {get;}                                                                                                                                    
AccessToString                  ScriptProperty System.Object AccessToString {get=$toString = "";...                                                                                                         
AuditToString                   ScriptProperty System.Object AuditToString {get=$toString = "";...

Combining Get-ACL results into 1 object

1 Answers1