FileSystemAclExtensions::GetAccessControl does not work until using Get-Acl once

Steps to reproduce

I have a script to create a report on filesystem permissions. For performance reasons I use [System.IO.FileSystemAclExtensions]::GetAccessControl() instead of Get-Acl. This is working fine in 7.1.3 but does not work in 7.3.1 or 7.4.0-preview.1.

Steps to reproduce:

 [System.IO.FileSystemAclExtensions]::GetAccessControl( [System.IO.DirectoryInfo]::new( "c:\windows"))

It will provide the expected output after using Get-Acl once, regardless of the path (e.g. Get-Acl HKCU:).

Expected behavior

Path Owner                       Access
---- -----                       ------
     NT SERVICE\TrustedInstaller CREATOR OWNER Allow  268435456…

Actual behavior

Path Owner Access
---- ----- ------

Error details

No response

Environment data

Name                           Value
----                           -----
PSVersion                      7.3.1
PSEdition                      Core
GitCommitId                    7.3.1
OS                             Microsoft Windows 10.0.19045
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Visuals

[Screenshot: Issue_GetAccessControl]

Issue Analytics

  • State: closed
  • Created 8 months ago
  • Reactions: 2
  • Comments: 8 (5 by maintainers)

Top GitHub Comments

1 reaction
Northman-de commented, Jan 16, 2023

@MartinGC94 Using .net instead of a cmdlet may be harder, but in some cases the decrease of the script runtime is significant (see above: one minute compared to nearly half an hour. And this was just a small directory. The script is intended to run on much larger volumes).

@mklement0 I already added the import-module as Martin suggested and it solved my problem. I do not see this as a big deal. My problem was to identify what was missing.

Many thanks to all of you for your effort to explain and to provide helpful code (already saved for future use). I appreciate that very much.

1 reaction
MartinGC94 commented, Jan 9, 2023

ETS is a standard feature in PowerShell and I’m sure there’s some help topic that explains all the details. I’m not aware of any way to know where type data was loaded from but generally speaking, modules only modify type data for types they use.
As for startup time, I don’t know but every little bit helps. IMO PS is way too slow to start up.

As for using .NET, it may be faster but as you can see here you lose some of the benefits that PowerShell provides for you. The DirectorySecurity class doesn’t contain the properties that are missing in your screenshot: https://learn.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.directorysecurity so if you want to use .NET directly then be prepared to work a little harder.
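
Added example (not part of the thread and not the PowerShell project's code): reading the owner and ACEs through the DirectorySecurity methods themselves, so a permissions report does not depend on the Path, Owner and Access properties that PowerShell's extended type system supplies once the module providing Get-Acl has been loaded. The function name Get-DirectoryAclReport and the output column names are assumptions made for illustration.

```powershell
# Added example, not from the thread. Windows only.
# Get-DirectoryAclReport is a hypothetical helper name.
function Get-DirectoryAclReport {
    param([Parameter(Mandatory)][string]$Path)

    $dir = [System.IO.DirectoryInfo]::new($Path)
    # Same call as in the issue; it returns a plain DirectorySecurity object.
    $sd = [System.IO.FileSystemAclExtensions]::GetAccessControl($dir)

    $ntAccount = [System.Security.Principal.NTAccount]
    $sidType   = [System.Security.Principal.SecurityIdentifier]

    # Owner: read it as a SID first, then try to resolve a name.
    # Translate() throws IdentityNotMappedException for orphaned SIDs
    # (deleted accounts), which a permissions report should show, not hide.
    $ownerSid = $sd.GetOwner($sidType)
    $owner = try {
        $ownerSid.Translate($ntAccount).Value
    } catch [System.Security.Principal.IdentityNotMappedException] {
        $ownerSid.Value
    }

    # $true, $true = include explicit and inherited ACEs. With NTAccount as
    # the target type, identities that cannot be resolved stay as SIDs.
    foreach ($ace in $sd.GetAccessRules($true, $true, $ntAccount)) {
        [pscustomobject]@{
            Path        = $dir.FullName
            Owner       = $owner
            Identity    = $ace.IdentityReference.Value
            Type        = $ace.AccessControlType
            Rights      = $ace.FileSystemRights
            Inherited   = $ace.IsInherited
            Inheritance = $ace.InheritanceFlags
            Propagation = $ace.PropagationFlags
        }
    }
}

# C:\Windows is the directory used in the issue's reproduction step.
Get-DirectoryAclReport -Path 'C:\Windows' | Format-Table -AutoSize
```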

