How to list folder permissions located on a different server

Question

I'm fairly new to PowerShell and am running into a problem.

I want to do the following:

Get list of permissions/users on a single folder on a different server than where I am running my PowerShell window from.

Current command failing:

Get-acl -path "\\servername\folder" 

Error Message:

Get-acl : Cannot find path '\\servername\folder' because it does not exist

Does this command only work on the local machine?

Answer 1

It turns out with the way permissions/authentications are setup in my environment prevented my code from working.

Here are the steps I took to verify if I could connect to the server:

Test-Path \\server\folder

This returned "False", which is why my code was breaking. The work around I used was this:

#Step 1: remotely connect to server
Enter-PSSession -ComputerName servernamegoeshere

#Step 2: get list of permissions on folder and save to csv
get-acl E:\foldernamehere | 
select -expand access |
export-csv C:\Users\usernamegoeshere\Documents\listofperms.csv |
#Step 3: close remote connection
Exit-PSSession

I still had to remote into the server and copy the csv to the location I wanted because again, any copy command to another server/share in PowerShell would not work due to permission/authentication issues.

This article explains authentication/permissions a bit better than I can:

http://blogs.technet.com/b/heyscriptingguy/archive/2012/11/14/enable-powershell-quot-second-hop-quot-functionality-with-credssp.aspx

---

Second way to do this with less code and not having to create a remote session thanks to user Ansgar Wiechers:

Invoke-Command -Computer server -ScriptBlock {get-acl E:\folder | 
select -expand access } |
export-csv \\server\folder\accesslist.csv 

With PowerShell, there are many ways to do one thing...I think this way is best/most simple! Thanks!

Answer 2

The command works on UNC paths as well, but UNC paths are slightly different from local paths. You need an access point to enter the file system of a remote host. For SMB/CIFS access (via UNC paths) that access point is a shared folder, so you need a path \\server\share or \\server\share\path\to\subfolder.

With an admin account you could use the administrative shares (e.g. \\server\C$\Users\Administrator), otherwise you need to create a share first.