/// <summary>
/// Manual test harness for the access-rule and effective-access helpers.
/// Only the first call runs: the method returns right after adding the
/// access rule, so everything below the <c>return</c> is unreachable scratch code.
/// </summary>
/// <param name="args">Command-line arguments; not read by this method.</param>
static void Main(string[] args)
{
    var targetFile = new FileInfo("D:\\file1.txt");
    var targetDirectory = new DirectoryInfo("D:\\test3"); // constructed but never used

    var trustees = new List<IdentityReference2>
    {
        (IdentityReference2)@"raandree1\randr_000"
    };

    // Requests an Allow / FullControl rule for the hard-coded account on the
    // hard-coded file. Running this harness presumably changes that file's DACL.
    // NOTE(review): the target is a file while ContainerInherit is passed;
    // confirm the inheritance flags are what was intended.
    FileSystemAccessRule2.AddFileSystemAccessRule(
        targetFile,
        trustees,
        FileSystemRights2.FullControl,
        AccessControlType.Allow,
        InheritanceFlags.ContainerInherit,
        PropagationFlags.None);

    // Early exit: nothing below this line executes.
    return;

    var windowsPath = @"C:\Windows";
    var accountName = @"raandree1\randr_000";
    var server = "localhost";

    var descriptor = Directory.GetAccessControl(windowsPath, AccessControlSections.Access);
    var identity = new IdentityReference2(accountName);
    EffectiveAccess.GetEffectiveAccess(new FileInfo(windowsPath), identity, "localhost");

    var itemResult = InvokeCommand("gi2 c:\\windows");

    var effectiveRules = InvokeCommand(@"gi -Path D:\SingleMachine\ | Get-EffectiveAccess")
        .Select(entry => entry.ImmediateBaseObject)
        .Cast<FileSystemAccessRule2>()
        .ToList();

    foreach (var rule in effectiveRules)
    {
        Console.WriteLine("{0};{1}", rule.Account, rule.IsInherited);
    }

    Console.ReadKey();
}
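/// <summary>
/// For every entry in <c>paths</c>, resolves the file system item, asks
/// <c>EffectiveAccess.GetEffectiveAccess</c> for the access of <c>account</c>
/// (evaluated against <c>serverName</c>) and writes the resulting ACE to the pipeline.
/// Failures are reported as non-terminating errors and processing moves on to the next path.
/// </summary>
/// <remarks>
/// If the first attempt throws <see cref="UnauthorizedAccessException"/>, the item's
/// owner is temporarily set to the current Windows user, the query is retried and the
/// previous owner is written back. The write-back runs in a <c>finally</c> block so the
/// item is not left owned by the caller when the retry fails or throws.
/// </remarks>
protected override void ProcessRecord()
{
    foreach (var path in paths)
    {
        FileSystemInfo item = null;
        EffectiveAccessInfo result = null;

        // True when the result was reported as failed or filtered out on purpose.
        // The finally block below also runs for 'continue', so without this flag
        // skipped results would still reach the pipeline.
        var suppressOutput = false;

        try
        {
            item = this.GetFileSystemInfo2(path);
        }
        catch (Exception ex)
        {
            this.WriteError(new ErrorRecord(ex, "ReadFileError", ErrorCategory.OpenError, path));
            continue;
        }

        try
        {
            result = EffectiveAccess.GetEffectiveAccess(item, account, serverName);
            suppressOutput = !ReportEffectiveAccessResult(result, item);
        }
        // Not sure whether the following catch block will ever be invoked; testing needed.
        catch (UnauthorizedAccessException)
        {
            try
            {
                var ownerInfo = FileSystemOwner.GetOwner(item);
                var previousOwner = ownerInfo.Owner;

                // Security-relevant side effect of a read-style operation: the item's
                // owner is changed to the calling user for the duration of the retry.
                FileSystemOwner.SetOwner(item, System.Security.Principal.WindowsIdentity.GetCurrent().User);

                try
                {
                    result = EffectiveAccess.GetEffectiveAccess(item, account, serverName);
                    suppressOutput = !ReportEffectiveAccessResult(result, item);
                }
                finally
                {
                    // Always hand ownership back, including when the retry failed or threw.
                    // If this call throws, the outer catch reports it as ReadSecurityError.
                    FileSystemOwner.SetOwner(item, previousOwner);
                }
            }
            catch (Exception ex2)
            {
                this.WriteError(new ErrorRecord(ex2, "ReadSecurityError", ErrorCategory.WriteError, path));
            }
        }
        catch (Exception ex)
        {
            WriteError(new ErrorRecord(ex, "ReadEffectivePermissionError", ErrorCategory.ReadError, path));
        }
        finally
        {
            // Kept in finally so a result obtained before a later exception is still written.
            if (result != null && !suppressOutput)
            {
                WriteObject(result.Ace);
            }
        }
    }
}

/// <summary>
/// Emits the warning and error records for one effective-access result and decides
/// whether its ACE should be written to the pipeline.
/// </summary>
/// <param name="result">Result returned by <c>EffectiveAccess.GetEffectiveAccess</c>.</param>
/// <param name="item">Item the result belongs to; used as the error record's target object.</param>
/// <returns>
/// <c>false</c> when the operation failed (an error record has been written) or when
/// <c>excludeNoneAccessEntries</c> is set and the ACE grants no rights; otherwise <c>true</c>.
/// </returns>
private bool ReportEffectiveAccessResult(EffectiveAccessInfo result, FileSystemInfo item)
{
    if (!result.FromRemote)
    {
        WriteWarning("The effective rights can only be computed based on group membership on this" + " computer. For more accurate results, calculate effective access rights on " + "the target computer");
    }

    if (result.OperationFailed)
    {
        // Without the security privilege object the message points the user at Enable-Privileges.
        var message = securityPrivilege == null
            ? string.Format("Could not get effective permissions from machine '{0}' maybe because the 'Security' privilege is not enabled which might be required. Enable the priviliges using 'Enable-Privileges'. The error was '{1}'", serverName, result.AuthzException.Message)
            : string.Format("Could not get effective permissions from machine '{0}'. The error is '{1}'", serverName, result.AuthzException.Message);

        var ex = new Exception(message, result.AuthzException);
        WriteError(new ErrorRecord(ex, "GetEffectiveAccessError", ErrorCategory.ReadError, item));
        return false;
    }

    if (excludeNoneAccessEntries && result.Ace.AccessRights == FileSystemRights2.None)
    {
        return false;
    }

    return true;
}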