I'm dealing with two directories, the one being the parent of the other (but that's irrelevant for the question). I want to read the files in one directory, using an application, but that seems not to work. According to the Powershell
Get-Acl
command, that can easily be explained:
Prompt> Get-Acl -All C:\Temp_Folder\Decompile
...
Path Owner Access
---- ----- ------
Decompile Domain\MyUser APPLICATION PACKAGE AUTHORITY\ALL APPLICATION
PACKAGES Allow Write, Read, Synchronize...
Prompt> Get-Acl -All C:\Temp_Folder\Decompile\Customer_Logs
...
Path Owner Access
---- ----- ------
Customer_Logs Domain\MyUser NT AUTHORITY\SYSTEM Allow FullControl...
As you can see, I have full control over the directory "C:\Temp_Folder\Decompile\Customer_Logs" while the permissions on the directory "C:\Temp_Folder\Decompile" are limited.
However, the problem is just the opposite: I can see everything in the "C:\Temp_Folder\Decompile" directory, while I see nothing in the "C:\Temp_Folder\Decompile\Customer_Logs" directory.
- How is this possible?
- Is there a way to copy the file permissions from one directory to another one? (I didn't see such an option in the Powershell
Set-Acl
command)
Oh, my application is Microsoft Server Management Studio, version v18.12. I'm trying to restore a backup and I can't seem to find it in its directory.
Edit1: Full list of directories' file permissions:
Prompt> Get-Acl -All C:\Temp_Folder\Decompile\ | fl
Path : Microsoft.PowerShell.Core\FileSystem::
C:\Temp_Folder\Decompile\
Owner : Domain\MyUser
Group : Domain\Domain Users
Access : APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES
Allow Write, Read, Synchronize
BUILTIN\Administrators Allow FullControl
NT AUTHORITY\SYSTEM Allow FullControl
BUILTIN\Users Allow ReadAndExecute, Synchronize
NT AUTHORITY\Authenticated Users Allow Modify, Synchronize
NT AUTHORITY\Authenticated Users Allow -536805376
Audit :
Sddl : ...
Prompt> Get-Acl -All C:\Temp_Folder\Decompile\Customer_Logs | fl
Path : Microsoft.PowerShell.Core\FileSystem::
C:\Temp_Folder\Decompile\Customer_Logs
Owner : Domain\MyUser
Group : Domain\Domain Users
Access : NT AUTHORITY\SYSTEM Allow FullControl
BUILTIN\Administrators Allow FullControl
Domain\GVH Allow FullControl
Domain\MyUser Allow FullControl
Audit :
Sddl : ...
Edit2: iCalcLs results:
C:\Temp_Folder\Decompile>icacls .
. APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(I)(OI)(CI)(R,W)
BUILTIN\Administrators:(I)(OI)(CI)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
BUILTIN\Users:(I)(OI)(CI)(RX)
NT AUTHORITY\Authenticated Users:(I)(M)
NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)
Successfully processed 1 files; Failed processing 0 files
...
C:\Temp_Folder\Decompile\Customer_Logs>icacls .
. Domain\MyUser:(OI)(CI)(F)
Domain\GVH:(OI)(CI)(F)
BUILTIN\Administrators:(OI)(CI)(F)
NT AUTHORITY\SYSTEM:(OI)(CI)(F)
Successfully processed 1 files; Failed processing 0 files
|fl
or evenicacls.exe
to get it) and you're not listed in the truncated ACL output.|fl
trick: I'm quite a newbie in Powershell :-) I've edited my question accordingly.icacls
for both directories?icalcls
results. If this does not solve the issue, I'm afraid there"s a bug somewhere in my SQL-Server Management Studio application.dir
has a habit of saying the directory is "empty" when it gets an access-denied error, but PowerShell and graphical browsers would just outright say that access is denied.