‘Sup PSHomies! It will be a thing… trust me…
Before the NTFSSecurity module there was a little known trick I used to get the NTFS rights on longpath folders: \\?\
There’s just one catch… It only works with windows command utilities. ICACLS, MD, ATTRIB can all make use of this prefix.
Let’s say I wanted to read the NTFS rights on a longpath folder using icacls. The command for this would be:
Notice the <DriveLetter:> syntax? Well that’s because \\?\ can only be used as a prefix in front of a DriveLetter. It did mean that I had to make a drivemapping, an inconvenience I didn’t mind one bit!
Ok I’ll admit that I tried using a UNCPath, but that didn’t work… can’t blame a brother for trying eh? 😉
While I was using the NTFSSecurity module (Did I mention how much I love this module?) I got an access denied on a folder (No that’s not the exciting part). What I did noticed was a familiar prefix of sorts: \\?\UNC\
So you can use the UNCPath as well! All I had to do was omit the ‘\\’ from the path. Say I wanted to read the NTFS rights on ‘\\SERVERX\SHARE\Longpath’ the syntax would be:
Awesome right?!!! Now you might be asking yourself: ‘Well that’s all gravy Urv, but why bother? Why not just use the NTFSSecurity module?”
There’s an old saying that goes: “A poor workman always blames his tools…”
There may be times when PowerShell isn’t readily available to you (I know perish the thought!). Sometimes you have to make do with what’s available! When it comes to manipulating NTFS rights you should be proficient in using different tools/utilities. I’ll admit while I love PowerShell Set-Acl has to be my least favorite cmdlet!
So what’s next?
Well imagine enumerating a longpath folder without errors and retrieving the NTFS rights.
Looking at the output, you should be able to do some neat formatting using regular expressions! Hey! I didn’t say you weren’t allowed to use PowerShell at all… Regular Expressions… Not my forte… Any takers in the PowerShell community? 🙂
Having alternative methods for retrieving NTFS rights is always a good thing. You can always use an alternative methods for verification. Get-Acl (Get-Acl2 if using NTFSSecurity), ICACLS and the security tab (Always use Advanced mode) are my methods of choice for verification.
Hope it’s worth something to you
PS. powershell.com has some great posts how to handle NTFS the PowerShell way! 😉
- Create folder with NTFS Permissions
- Managing NTFS Permissions
- Getting Explicit NTFS Permissions
- Removing Explicit NTFS Permissions
- Manage NTFS Permission Inheritance