名前 Get-Acl 概要 Gets the security descriptor for a resource, such as a file or registry key. 構文 Get-Acl [[-Path] ] [-AllCentralAccessPolicies] [-Audit] [-Exclude ] [-Filter ] [ -Include ] [-UseTransaction []] [] Get-Acl [-AllCentralAccessPolicies] [-Audit] [-Exclude ] [-Filter ] [-Include ] -InputObject [-UseTransaction []] [] Get-Acl [-AllCentralAccessPolicies] [-Audit] [-Exclude ] [-Filter ] [-Include ] [-LiteralPath ] [-UseTransaction []] [] 説明 The Get-Acl cmdlet gets objects that represent the security descriptor of a file or resource. The security d escriptor contains the access control lists (ACLs) of the resource. The ACL specifies the permissions that u sers and user groups have to access the resource. Beginning in Windows PowerShell 3.0, you can use the InputObject parameter of Get-Acl to get the security de scriptor of objects that do not have a path. パラメーター -Audit [] Gets the audit data for the security descriptor from the system access control list (SACL). 必須 false 位置 named 既定値 パイプライン入力を許可する false ワイルドカード文字を許可する false -Exclude Omits the specified items. The value of this parameter qualifies the Path parameter. Enter a path elemen t or pattern, such as "*.txt". Wildcards are permitted. 必須 false 位置 named 既定値 パイプライン入力を許可する false ワイルドカード文字を許可する true -Filter Specifies a filter in the provider's format or language. The value of this parameter qualifies the Path parameter. The syntax of the filter, including the use of wildcards, depends on the provider. Filters ar e more efficient than other parameters, because the provider applies them when gettting the objects, rat her than having Windows PowerShell filter the objects after they are retrieved. 必須 false 位置 named 既定値 パイプライン入力を許可する false ワイルドカード文字を許可する true -Include Gets only the specified items. The value of this parameter qualifies the Path parameter. Enter a path el ement or pattern, such as "*.txt". Wildcards are permitted. 必須 false 位置 named 既定値 パイプライン入力を許可する false ワイルドカード文字を許可する true -Path Specifies the path to a resource. Get-Acl gets the security descriptor of the resource indicated by the path. Wildcards are permitted. If you omit the Path parameter, Get-Acl gets the security descriptor of t he current directory. The parameter name ("Path") is optional. 必須 false 位置 1 既定値 パイプライン入力を許可する true (ByValue, ByPropertyName) ワイルドカード文字を許可する true -AllCentralAccessPolicies [] Gets information about all central access policies that are enabled on the computer. Beginning in Windows Server 2012, administrators can use Active Directory and Group Policy to set centr al access policies for users and groups. For more information, see "Central Access Policies" at http://g o.microsoft.com/fwlink/?LinkId=238408. This parameter is introduced in Windows PowerShell 3.0. 必須 false 位置 named 既定値 False パイプライン入力を許可する false ワイルドカード文字を許可する false -InputObject Gets the security descriptor for the specified object. Enter a variable that contains the object or a co mmand that gets the object. You cannot pipe an object, other than a path, to Get-Acl. Instead, use the InputObject parameter explici tly in the command. This parameter is introduced in Windows PowerShell 3.0. 必須 true 位置 named 既定値 パイプライン入力を許可する false ワイルドカード文字を許可する false -LiteralPath Specifies the path to a resource. Unlike Path, the value of the LiteralPath parameter is used exactly as it is typed. No characters are interpreted as wildcards. If the path includes escape characters, enclos e it in single quotation marks. Single quotation marks tell Windows PowerShell not to interpret any char acters as escape sequences. This parameter is introduced in Windows PowerShell 3.0. 必須 false 位置 named 既定値 パイプライン入力を許可する true (ByValue, ByPropertyName) ワイルドカード文字を許可する false -UseTransaction [] Includes the command in the active transaction. This parameter is valid only when a transaction is in pr ogress. For more information, see 必須 false 位置 named 既定値 false パイプライン入力を許可する false ワイルドカード文字を許可する false このコマンドレットは、次の共通パラメーターをサポートします: Verbose、 Debug、ErrorAction、ErrorVariable、WarningAction、WarningVariable、 OutBuffer, PipelineVariable、および OutVariable。詳細については、 about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216) を参照してください。 入力 System.String You can pipe a string that contains a path to Get-Acl. 出力 System.Security.AccessControl Get-Acl returns an object that represents the ACLs that it gets. The object type depends upon the ACL ty pe. メモ By default, Get-Acl displays the Windows PowerShell path to the resource (::), the owner of the resource, and "Access", a list (array) of the access control entries in the discretiona ry access control list (DACL) for the resource. The DACL list is controlled by the resource owner. When you format the result as a list, ("Get-Acl | Format-List"), in addition to the path, owner, and acc ess list, Windows PowerShell displays the following properties and property values: -- Group: The security group of the owner. -- Audit: A list (array) of entries in the system access control list (SACL). The SACL specifies the ty pes of access attempts for which Windows generates audit records. -- Sddl: The security descriptor of the resource displayed in a single text string in Security Descripto r Definition Language format. Windows PowerShell uses the GetSddlForm method of security descriptors to get this data. Because Get-Acl is supported by the file system and registry providers, you can use Get-Acl to view the ACL of file system objects, such as files and directories, and registry objects, such as registry keys a nd entries. -------------------------- EXAMPLE 1 -------------------------- PS C:\>Get-Acl C:\Windows This command gets the security descriptor of the C:Windows directory. -------------------------- EXAMPLE 2 -------------------------- PS C:\>Get-Acl C:\Windows\k*.log | Format-List -Property PSPath, Sddl This command gets the Windows PowerShell path and SDDL for all of the .log files in the C:\Windows directory whose names begin with "k." The command uses the Get-Acl cmdlet to get objects representing the security descriptors of each log file. I t uses a pipeline operator (|) to send the results to the Format-List cmdlet. The command uses the Property parameter of Format-List to display only the PsPath and SDDL properties of each security descriptor object. Lists are often used in Windows PowerShell, because long values appear truncated in tables. The SDDL values are valuable to system administrators, because they are simple text strings that contain all of the information in the security descriptor. As such, they are easy to pass and store, and they can be pa rsed when needed. -------------------------- EXAMPLE 3 -------------------------- PS C:\>Get-Acl C:/Windows/k*.log -Audit | Foreach-Object { $_.Audit.Count } This command gets the security descriptors of the .log files in the C:\Windows directory whose names begin w ith "k." It uses the Audit parameter to get the audit records from the SACL in the security descriptor. Then it uses theForEach-Object cmdlet to count the number of audit records associated with each file. The result is a list of numbers representing the number of audit records for each log file. -------------------------- EXAMPLE 4 -------------------------- PS C:\>Get-Acl -Path HKLM:\System\CurrentControlSet\Control | Format-List This command uses the Get-Acl cmdlet to get the security descriptor of the Control subkey (HKLM\SYSTEM\Curre ntControlSet\Control) of the registry. The Path parameter specifies the Control subkey. The pipeline operator (|) passes the security descriptor th at Get-Acl gets to the Format-List command, which formats the properties of the security descriptor as a lis t so that they are easy to read. Example 5 PS C:\>Get-Acl -InputObject (Get-StorageSubsystem -Name S087) This command uses the InputObject parameter of Get-Acl to get the security descriptor of a storage subsystem object. 関連するリンク Online Version: http://go.microsoft.com/fwlink/p/?linkid=293934 Set-Acl