Created
January 2, 2018 15:18
-
-
Save geekman/5fe182259bdd212ae69edf61f0aeee57 to your computer and use it in GitHub Desktop.
retrieves owner of a Windows profile directory
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[CmdletBinding()] | |
Param( | |
[Parameter(Mandatory=$True,Position=1)] | |
[string] $Path | |
) | |
# Usually the profile owner has full control, but is not a well-known SID | |
# References: | |
# https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems | |
# https://technet.microsoft.com/en-us/library/ff730940.aspx | |
function GetProfileOwner([string] $path) { | |
try { | |
$acl = New-Object System.Security.AccessControl.DirectorySecurity $path, @('access') | |
#$all_sids = $acl.Access | %{ $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]) } | |
[System.Security.Principal.IdentityReference] $owner = $null | |
foreach ($ace in $acl.Access) { | |
$id = $ace.IdentityReference | |
$sid = $id.Translate([System.Security.Principal.SecurityIdentifier]) | |
if ($sid.AccountDomainSid) { # well-known SIDs have no domain SID | |
$owner = $id | |
break | |
} | |
} | |
return $owner | |
} catch { | |
throw | |
} | |
} | |
if (!(Test-Path $Path)) { | |
throw "path not found $Path" | |
} | |
$owner = GetProfileOwner $Path | |
if ($owner) { | |
Write-Host $owner | |
} else { | |
exit 1 | |
} | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment