Powershell Command : Get-Acl

Get-Acl :

Used to get the Security settings for a resource such as  folder, files, registry etc..

Get-Acl Description :

The Get-Acl cmdlet is used for finding the security descriptor of a resource. ACL is called as the Access Control List, it will contain the permissions ie the security descriptor of the resource like the permissions for a user or a group.

Get-Acl Syntax :

Parameter Set: ByPath
Get-Acl [[-Path] <String[]> ] [-AllCentralAccessPolicies] [-Audit] [-Exclude <String[]> ] [-Filter <String> ] [-Include <String[]> ] [-UseTransaction] [ <CommonParameters>]

Parameter Set: ByInputObject
Get-Acl -InputObject <PSObject> [-AllCentralAccessPolicies] [-Audit] [-Exclude <String[]> ] [-Filter <String> ] [-Include <String[]> ] [-UseTransaction] [ <CommonParameters>]

Parameter Set: ByLiteralPath
Get-Acl [-AllCentralAccessPolicies] [-Audit] [-Exclude <String[]> ] [-Filter <String> ] [-Include <String[]> ] [-LiteralPath <String[]> ] [-UseTransaction] [ <CommonParameters>]

Get-Acl Parameters :

-Audit [<SwitchParameter>]

It will get the Audit data of a resource from the SACL (System Access Control List)

-Exclude <string[]>

It was used for excluding specific items.

-Filter <string>

It was used for filtering certain objects according to our needs, here we can use the wildcard characters to filter the objects.

-Include <string[]>

It was used for retrieving specific items, here we can use the wildcard characters.

-Path <string[]>

It was used to specify the path to a resource.

-UseTransaction [<SwitchParameter>]

It was used when a transaction is in progress.


-Verbose, -Debug, -ErrorAction, -ErrorVariable, -WarningAction, -WarningVariable, -OutBuffer -OutVariable.

Get-Acl Examples :

1) Retrieves ACL settings for the mentioned directory.

C:PS>get-acl C:windows

2) Gets the ACL information of the log file beginning with k and displays them as a table with the properties PSPath and Sddl

C:PS>get-acl C:Windowsk*.log | format-list -property PSPath, Sddl

3) It retrieves the audit records for the log file and displays the count for each audit record.

C:PS>get-ACL c:/windows/k*.log -Audit | foreach-object { $_.Audit.Count }

4) It retrieves the ACL information of the below mentioned registry and list them.

C:PS>get-acl -path hklm:systemcurrentcontrolsetcontrol | format-list

