CODEWITHSUNDEEP
powershell
Scott G
Scott G

Reputation: 1

On which system is get-acl resolved?

I've inherited a Powershell script that a remote customer uses to recursively search for directories and exports (to csv) multiple ACL values including Path, Owner, FileSystemRights, IdentifyReference, and AccessControlType. The script works great, but I am curious as to how the flow actually takes place. Below is partial script to show code relevant to my question below.

//Partial script begin:

get-childitem $rootdir -recurse | where-object {$_.psIscontainer -eq $true} | foreach-object {
  $a = ($_.Fullname)
  $b = (get-acl $_.Fullname).Owner
  $c = (get-acl $_.Fullname).Access

  foreach ($c1 in $c) {
    $d = $c1.FileSystemRights
    $e = $c1.AccessControlType

//Partial script end.

To my question: If running this script on a remote system, using admin privileges and variable $rootdir = \\someshare, on which system does the get-acl get resolved...on the system hosting the folder structure, or the remote system running the PS script and mapped to the share folder?

Thanks.

// My original question may have been a bit nebulous, so hopefully I can clarify a bit. By using get-acl on a remote system and mapped to a server share folder, will invoking get-acl cause any resource hit on the server during the ACL resolution process...disk I/O, memory, CPU. I am not a programmer, so please bear with me as I try to formulate my question properly.

Upvotes: 0

Views: 234

Answers (2)

Shane Callanan
Shane Callanan

Reputation: 2305

From the technet article on the Get-ACL cmdlet

The Get-Acl cmdlet enables you to retrieve the security descriptor (access control list) for a file, a folder, or even a registry key

It retrieves NTFS persmission for any folder specified, including remote folders.

In your case, it would run from the machine the script is running from, and authenticate to the remote machine using the credentials supplied to retrieve the ACL

Upvotes: 0

Paul
Paul

Reputation: 5861

Assuming that you have all authentication correctly setup (you would run into a double-hop auth problem if i understand your plan correctly) the call to Get-Acl would be executed on the system the script is run on.

Upvotes: 0

Related Questions