SK
12/21/2020, 11:28 AMselect * from ntfs_acl_permissions where path LIKE
with any path or file doesn't seem to give any results.seph
12/21/2020, 1:42 PMSK
12/21/2020, 1:48 PMfritz
12/21/2020, 2:53 PMSK
12/21/2020, 2:54 PMselect * from ntfs_acl_permissions where path = 'C:\Program Files\osquery\osqueryi.exe';
This query does not result anything.> Get-Acl -Path 'C:\Program Files\osquery\osqueryi.exe'
Directory: C:\Program Files\osquery
Path Owner Access
---- ----- ------
osqueryi.exe NT AUTHORITY\SYSTEM NT AUTHORITY\SYSTEM Allow FullControl...
fritz
12/21/2020, 4:32 PMselect * from ntfs_acl_permissions where path = '\Program Files'
seph
12/21/2020, 4:45 PMSK
12/21/2020, 7:11 PM> select * from ntfs_acl_permissions where path = 'C:\Program Files\';
+-------------------+-------+-------------------------------------+--------------------------------------------------------------------------------------------------------------+----------------+
| path | type | principal | access | inherited_from |
+-------------------+-------+-------------------------------------+--------------------------------------------------------------------------------------------------------------+----------------+
| C:\Program Files\ | Grant | TrustedInstaller | Specific Rights All,Delete,Read Control,Write DAC,Write Owner,Std Rights Required,Synchronize,Std Rights All | No Inheritance |
| C:\Program Files\ | Grant | TrustedInstaller | Generic All | Unknown |
Did not expect that to work at all.
@fritz it seems to only work on folders not files, am I correct?fritz
12/21/2020, 7:21 PMSK
12/21/2020, 7:27 PMMike Myers
12/21/2020, 8:42 PMSK
12/21/2020, 8:47 PM