I am trying to query for a list of users/groups having access to some shared location. However in some folders even administrator doesnt have permission, So the script I have come up with will skip those files/folders, but I am not sure why its not logging in to error.log. Any idea ?
$success = @()
$failed = @()
gci $vStartingPath -recurse|
foreach-object {
$success = @()
$failed = @()
foreach-object {
if (get-acl $.fullname){
$success += get-acl $.fullname |select pschildname, pspath, accesstostring
}
else {$failed += “Failed to get ACL on $($_.fullname)”}
}
One of the features it offers is enabling the SeBackupPrivilege, which will let you completely ignore the DACLs on the files and folders that are giving you trouble (of course you have to have been granted that privilege, which is usually only for admins and/or backup operators). An example of using it to export all of the ACEs for your $vStartingPath location would look like this: