Powershell and ACL regedit

Similar Messages

• Powershell and Sharepoint workflow

  Oke I got this a really strange problem.
  I got a ps1 file with powershell code in it. The code create a list item in sharepoint with all information and on the information I want to trigger a workflow.
  But now if I activated the ps1 file powershell as administrator(automatic) and then run the code thats in the file. But no Workflow tiggered in sharepoint the workflow is automatic activated when a new item is created.
  And the strange thing is if I open my script with notepad copy the text insert it into powershell and press enter my workflow runs...
  So any1 have an idea to fix this?

  Below is code snippet in c#.net for fetching all the attachements for a specific list item.
  try
                  // Set the Site Url
                  SPSite objSite = new SPSite("http://Testsite/");
                  using (SPWeb objWeb = objSite.OpenWeb())
                      objWeb.AllowUnsafeUpdates = true;
                      // Get the List
                      SPList objList = objWeb.Lists["MyList"];
                      // Get the item by ID
                      SPListItem objItem = objList.GetItemById(1);
                      // Get the attachments of the item
                      SPAttachmentCollection objAttchments = objItem.Attachments;
                      // Iterate the attachments
                      foreach (string fileName in objItem.Attachments)
                          // Perform action on
  the extracted attachment
   Hope it
  answer the questions.Any suggestions are appreciated.
  Cheers, Eliza

• Errors found when using tar and ACL's

  Having difficulties with TAR and ACLs, and wondering if anyone had seen this before.
  Here's the scenario: create a few directories and a few files. Tar it up and extract the files. Now assign some ACL's to them (some default for directories), tar it up, and extract the files. Permissions should remain the same. Under most circumstances they are.
  Now repeat the procedure, but put a default directory ACL on the parent directory where the TAR is created. What happens is that the group permissions for anything un-tared gets trashed.
  Here's a script to test it out.
  Create a dummy user (I called mine foobar) -- required for setting ACL's. Run the script with the "-d" option at first. Things appear good. You can compare the permissions on the bottom for each file/directory.
  Run the script with the "-s" option setting default ACL's on the parent.
  #!/usr/bin/sh
  ROOTDIR=/export/home/christian/config
  TESTDIR=/export/home/christian
  USER_X="oam"
  # Run the script once with normal permissions (no ACL's) in the test directory (where tar is located)
  # --> ./test.sh -d
  # look at the result (ls -l) of .../sub1dir, .../sub1dir_acl, and /sub1dir_orig
  # They should be relatively the same:
  # --> rwxrwxrwx permissions on directories
  # --> rw-rw-rw- on files
  # Now run the script but set the parent directory of the script (where the TAR's are located) to have default ACL's
  # --> /opt/MMSsyscnf/sub2dir/test/test.sh -s
  # Now look at the result (ls -l) of .../sub1dir, .../sub1dir_acl, and /sub1dir_orig
  # They are COMPLETELY skewed. Both times we tried to untar the files, ACL's wound up
  # all over the place and permissions were not set correctly.
  # --> rwxrwxrwx permissions ONLY on original directory (not the product of an UNTAR)
  # --> rwxr--rwx permissions on directories created by untar
  # --> rw-rw-rw- on files ONLY on original directory (not the product of an UNTAR)
  # --> rw-r--rw- on files created by untar
  # ****** Why is group affected by this, but "other" is not?! It's gotta be a bug!
  # MAIN
  ACTION="NOPREP"
  while [ -n "$1" ]
  do
  if [ "ABC$1" = "ABC-d" ]; then
  #flag set to try and remove default directory ACL's
  setfacl -d u:$USER_X $TESTDIR
  setfacl -d d:u:$USER_X $TESTDIR
  setfacl -d d:u::,d:g::,d:m:,d:o: $TESTDIR
  elif [ "ABC$1" = "ABC-s" ]; then
  setfacl -r -m d:u::rw-,d:g::r--,d:o:---,d:m:rwx $TESTDIR
  setfacl -r -m d:u:$USER_X:rw- $TESTDIR
  setfacl -r -m u:$USER_X:r-x $TESTDIR
  fi
  shift;
  done
  # clean up previous run of the test
  rm -r $ROOTDIR
  # create files/directories
  mkdir $ROOTDIR
  mkdir $ROOTDIR/sub1dir
  mkdir $ROOTDIR/sub1dir/sub2dir
  mkdir $ROOTDIR/sub1dir/sub2dir/sub3dir
  #set permissions
  chmod 777 $ROOTDIR
  chmod 777 $ROOTDIR/sub1dir
  chmod 777 $ROOTDIR/sub1dir/sub2dir
  chmod 777 $ROOTDIR/sub1dir/sub2dir/sub3dir
  # create files
  echo "" > $ROOTDIR/sub1dir/sub2dir/file1.txt
  echo "" > $ROOTDIR/sub1dir/sub2dir/sub3dir/file2.txt
  chmod 666 $ROOTDIR/sub1dir/sub2dir/file1.txt
  chmod 666 $ROOTDIR/sub1dir/sub2dir/sub3dir/file2.txt
  # tar/zip the files:
  /usr/bin/tar -cvf $ROOTDIR/tarBeforeACLs.tar $ROOTDIR/sub1dir
  /usr/bin/gzip $ROOTDIR/tarBeforeACLs.tar
  # move the directory (so we keep the original as a template of what things should look like)
  mv $ROOTDIR/sub1dir $ROOTDIR/sub1dir_orig
  # untar/zip the files:
  /usr/bin/gunzip $ROOTDIR/tarBeforeACLs.tar
  /usr/bin/tar -xvf $ROOTDIR/tarBeforeACLs.tar
  ls -lR $ROOTDIR
  # Ok. These have been tested to be the exact same.
  echo "********************************************************************************"
  echo "********************************************************************************"
  echo "********************************************************************************"
  # Let's try using ACL's now
  # --> directories (owned by root) must be acessible to OAM user.
  # --> files (owned by root) must be read/writable by user OAM when created in the directories
  setfacl -r -m u:$USER_X:r-x $ROOTDIR/sub1dir
  setfacl -r -m u:$USER_X:r-x $ROOTDIR/sub1dir/sub2dir
  setfacl -r -m u:$USER_X:r-x $ROOTDIR/sub1dir/sub2dir/sub3dir
  setfacl -r -m u:$USER_X:rw- $ROOTDIR/sub1dir/sub2dir/file1.txt
  setfacl -r -m u:$USER_X:rw- $ROOTDIR/sub1dir/sub2dir/sub3dir/file2.txt
  setfacl -r -m d:u::rw-,d:g::r--,d:o:---,d:m:rwx $ROOTDIR/sub1dir
  setfacl -r -m d:u:$USER_X:rw- $ROOTDIR/sub1dir
  setfacl -r -m d:u::rw-,d:g::r--,d:o:---,d:m:rwx $ROOTDIR/sub1dir/sub2dir
  setfacl -r -m d:u:$USER_X:rw- $ROOTDIR/sub1dir/sub2dir
  setfacl -r -m d:u::rw-,d:g::r--,d:o:---,d:m:rwx $ROOTDIR/sub1dir/sub2dir/sub3dir
  setfacl -r -m d:u:$USER_X:rw- $ROOTDIR/sub1dir/sub2dir/sub3dir
  # here are things as they stand
  ls -lR $ROOTDIR
  echo "********************************************************************************"
  echo "********************************************************************************"
  echo "********************************************************************************"
  # tar/zip the files:
  /usr/bin/tar -cvfp $ROOTDIR/tarAfterACLs.tar $ROOTDIR/sub1dir
  /usr/bin/gzip $ROOTDIR/tarAfterACLs.tar
  # move the directory (so we keep the directory that was applied ACL's)
  mv $ROOTDIR/sub1dir $ROOTDIR/sub1dir_acl
  # untar/zip the files:
  /usr/bin/gunzip $ROOTDIR/tarAfterACLs.tar
  /usr/bin/tar -xvfp $ROOTDIR/tarAfterACLs.tar
  # here are things after we've untared them
  ls -lR $ROOTDIR
  echo "********************************************************************************"
  echo "********************************************************************************"
  echo "********************************************************************************"
  getfacl $ROOTDIR/sub1dir_orig $ROOTDIR/sub1dir_acl $ROOTDIR/sub1dir
  echo "********************************************************************************"
  getfacl $ROOTDIR/sub1dir_orig/sub2dir $ROOTDIR/sub1dir_acl/sub2dir $ROOTDIR/sub1dir/sub2dir
  echo "********************************************************************************"
  getfacl $ROOTDIR/sub1dir_orig/sub2dir/sub3dir $ROOTDIR/sub1dir_acl/sub2dir/sub3dir $ROOTDIR/sub1dir/sub2dir/sub3dir
  echo "********************************************************************************"
  getfacl $ROOTDIR/sub1dir_orig/sub2dir/file1.txt $ROOTDIR/sub1dir_acl/sub2dir/file1.txt $ROOTDIR/sub1dir/sub2dir/file1.txt
  echo "********************************************************************************"
  getfacl $ROOTDIR/sub1dir_orig/sub2dir/sub3dir/file2.txt $ROOTDIR/sub1dir_acl/sub2dir/sub3dir/file2.txt $ROOTDIR/sub1dir/sub2dir/sub3dir/file2.txt
  echo "********************************************************************************"
  Any ideas?

  UFSDUMP has some limitations, including being on a file system that is read-only. Yes, I could force it on a read-write FS, but I normally stay away from big sticker labels found in man pages when I encounter them. :-(
  What I was originally after was a script that makes a backup of application configuration files before I modify them. Thus, I tar/zip the directory.
  These config files/directores have ACL's attached to them to allow various roles to access them (group permissions are not fine-grain enough). However, when I ran through a couple of tests, I came across a scenario that overwrote the original permissions. Tested it on Solaris 10 and Solaris 9, and both fail.
  So now (very late into the feature design) I'm VERY concerned about using ACL's on Solaris, and wonder what other side-effects there are that I'm not aware of. Can't seem to find a bug report on it, so I thought I'd ask around to see if it was just the behaviour of the TAR/ACL that I'm not quite getting, or if it really is a bug.
  /chris

• Role based security and ACLs

  Hello,
  I have a question regarding Roles and ACLs. I understand that I can use one or more security realms to host users, groups, and ACLs. (In fact I am implementing a custom realm for users and groups like RDBMSRealm, and wanted WLPropertyRealm to handle ACL/permission based duties.)
  Reading the "Writing a Web Application" it is apparent that ACLs are not supposed to be used for Servlets/JSP anymore, but rather to map roles to security principals via the deployment descriptor files for the web application.
  So:
  1. I assume that Weblogic will determine, once I have authenticated the user in my realm, whether or not the user is in a certain role, and therefore, whether or not they have access to a particular resource?
  2. What happened to the concept of permissions? Is it assumed that if the user is in the required role that they have permission to execute the servlet/JSP?
  3. Does it make sense to talk about ACLs anymore? A checkPermissions() method on an Acl object doesn't make sense now. Instead am I to use isUserInRole() ? (This doesn't seem the same to me - asking if User A has execute permission on this resource is different than asking if User A is in the CSR role.)
  Your response is appreciated.

  Hello,
  I have a question regarding Roles and ACLs. I understand that I can use one or more security realms to host users, groups, and ACLs. (In fact I am implementing a custom realm for users and groups like RDBMSRealm, and wanted WLPropertyRealm to handle ACL/permission based duties.)
  Reading the "Writing a Web Application" it is apparent that ACLs are not supposed to be used for Servlets/JSP anymore, but rather to map roles to security principals via the deployment descriptor files for the web application.
  So:
  1. I assume that Weblogic will determine, once I have authenticated the user in my realm, whether or not the user is in a certain role, and therefore, whether or not they have access to a particular resource?
  2. What happened to the concept of permissions? Is it assumed that if the user is in the required role that they have permission to execute the servlet/JSP?
  3. Does it make sense to talk about ACLs anymore? A checkPermissions() method on an Acl object doesn't make sense now. Instead am I to use isUserInRole() ? (This doesn't seem the same to me - asking if User A has execute permission on this resource is different than asking if User A is in the CSR role.)
  Your response is appreciated.

• Powershell and -contains

  Hi, 
  I have a little problem with powershell and "contains"
  In this situation works well and return "true"
  $test = "where is the word"
  ($test).Contains("word")
  but in this other return always "false" 
  $test = Get-Process
  ($test).Contains("winlogon")
  Why? 
  Thanks
  Andrea Gallazzi
  windowserver.it - blog:
  andreagx.blogspot.com
  This posting is provided AS IS with no warranties, and confers no rights.

  Hi,
  Try looking at the ProcessName property:
  PS C:\Scripts\PowerShell Scripts\Misc Testing\1-10-2014> $test = Get-Process
  PS C:\Scripts\PowerShell Scripts\Misc Testing\1-10-2014> $test.ProcessName.Contains('winlogon')
  True
  EDIT: If I remember correctly, I believe this requires PS3+ though.
  EDIT2: This will work if you only have v2 (I'm sure there's a better way to do this, but this'll work in a pinch):
  PS C:\> $found = $false
  PS C:\> $test = Get-Process
  PS C:\> $test | ForEach { If ($_.ProcessName.Contains('winlogon')) { $found = $true } }
  PS C:\> $found
  True
  Don't retire TechNet! -
  (Don't give up yet - 12,575+ strong and growing)

• Powershell and robocopy pausing

  I am using powershell and Robycopy to move files from volume to another.  Server 2008R2 iSCSI volumes on
  It seems that powershell window occasionally pauses.  When I hit enter the process just starts up again.  It is taking more that a day to move 2TB of data.  Command is: robocopy h:\ j:\ /e /mov /R:5 /W:10 /log:c:\movedidson.log /TEE /NP /ETA
  Also an empty folder remains on the first drive.  Why is it not deleting the folders after it copies.
  Thanks,
  Mark

  Hi Mark,
  Total shot in the dark, perhaps this will help:
  http://social.technet.microsoft.com/Forums/en-US/ab36656d-bfbd-4ff1-ac7a-84e2ac975c1d/powershell-hangs?forum=winserverpowershell
  EDIT: Also, this isn't exactly a PowerShell question. You may be using PowerShell to launch robocopy, but that's pretty much the end of anything PowerShell related.
  Don't retire TechNet! -
  (Don't give up yet - 12,575+ strong and growing)

• Document browser and ACL Authorization

  Dear friends,
  We are working on ECC 6.0 and required to implement SAP DMS. As of with every ERP 2005 default two features are coming, document browser and ACL Authroization. These features are not required by users, so we need to de-activate these. We have a note for these wherein it is mentioned that one of the component is required to upgrade. We dont want to go with this. If any note is there by applying which we can de-activate those features will be well and good, instead of upgrading component.
  Regards,

  Dear Tushar,
  This t-code will be enable only after support pack SAPKGPAD11 or greater version is implemented. Our client is not in the position to upgrade, by implementing support packs. Alternate solution if any, pls suggest. By applying any notes if we can de-activate these features, let us know.
  Regards,
  Punam

• Asking Again: Group Description Updated in Admin UI is not reflected in PowerShell and vice versa

  I've updated the Groups Description (About Me) using the GUI / Website.  Then running a script to output the Group's Description like:
  $siteUrl = "site url"
  $web = Get-SPWeb $siteUrl
  $web.SiteGroups
  $web.Dispose()
  The description doesn't change.  I can then update the Description of the group using PowerShell and close the window then and run the above code the changes are reflected.  However, the GUI / Website doesn't have the changes.  Very odd!
  raym

  Hi raym,
  Does this still work for you?
  I am rapidly losing my mind over this...
  Is there anything that you left out or perhaps assumed that Noobs (like myself) would already know or have considered? ;)
  I have tried about ten different solutions and Nothing works.
  All I get is plain text.
  Set
  Group Description to HTML via PS Script (This will explain what I have - from my original request of the same)
  Please!! If anyone can shed some light on this before I scrap SP altogether and revert back to DOS. It is the Only thing of Microsoft that actually worked. Oh! and AOE2!! ;)
  TIA,
  Neil

• Activate Document Browser and ACLs

  Hi all,
  I want to activate the Document Browser and ACLs tab in the DIR.
  I have followed CAC--> Document Management --> Control Data --> Activate Document Browser and ACLs and then I've maintained "X" for each tab, but in the DIR nothing appear.
  Have you any suggestions?
  Thanks,
  Marco.

  Hi,
  In this activity, you can activate the document browser and ACLs independently of one another.
  When you select the indicators, the tab pages Document Browser and Authorizations are available in document editing.
  The document browser contains the folder structure of SAP Easy Document Management, which you can use to edit documents. For more information about the document browser, see SAP Library under SAP ERP Central Component -> Cross-Application Components -> Document Management -> Document Browser.
  You use ACLs to pass on access rights that you created for a particular folder to other folders in the same structure. For more information about ACLs, see SAP Library under SAP ERP Central Component  -> Cross-Application Components -> SAP Easy Document Management -> Work with SAP Easy Document Management -> Authorizations in SAP Easy Document Management
  Also check ,
  As of SAP ERP 2005, all ACLs are automatically available in SAP Easy Document Management and the back-end system. As of SAP R/3 4.7, it is possible to implement ACLs and you have to implement ACLs up to SAP ERP 2005 (see SAP Note 798504).
  http://help.sap.com/saphelp_erp60_sp/helpdata/en/7c/4ca9429888b111e10000000a155106/frameset.htm
  https://www.sdn.sap.com/irj/scn/wiki?path=/display/plm/newFunctionalitiesinERP2005
  Benakaraja ES
  Edited by: benaka rajes on Jun 11, 2009 10:48 AM

• Reset Pasword - do I need to reset Directory Permissions and ACLs?

  I reset the password as described below on my mom's computer, as she forgot it.
  http://support.apple.com/kb/HT1274
  I did not reset Directory Permissions and ACLs.
  Do i need to do this?
  Thanks!

  JulieK23 wrote:
  I reset the password as described below on my mom's computer, as she forgot it.
  http://support.apple.com/kb/HT1274
  I did not reset Directory Permissions and ACLs.
  Do i need to do this?
  only if there was something wrong with them. otherwise this is quite independent of resetting the password and is not necessary if all you need is to reset the password.
  Thanks!

• Windows Powershell and HP Open Test Architect (TDApiOle80)

  I'm not sure that this is the correct forum to place this in. Please feel free to move it if needed...
  I have a task to create a new script using powershell and the OTA. When trying to log into quality center via the open test architecture in powershell I get this error. 
  At my computer char:22+ $td.InitConnectionEx $qualityCenterLink+ ~~~~~~~~~~~~~~~~Unexpected token '$qualityCenterLink' in expression or statement.
  At my computer char:11+ $td.Login $qualityCenterUsername, $qualityCenterPassword+
        ~~~~~~~~~~~~~~~~~~~~~~
  This is the code that I am using.
  $td = New-Object -ComObject "TDApiOle80.TDConnection"
  $td.InitConnectionEx $qualityCenterLink
  $td.Login $qualityCenterUsername, $qualityCenterPassword
  This code currently works in a script written with VBscript. I am just modifying the td variable to use powershell instead of vbscript. Do you all have any idea what it is that is causing this not to run? Also, Is powershell compatible with the OTA? I am assuming
  so only because the OTA is a COM package.

  it appears it doesn't like the formatting. It doesn't know how to handle the varibles
  Powershell thinks thinks these are 2 variable next to each other
  $td.InitConnectionEx $qualityCenterLinkmaybe put $td.InitConnectionEx($qualityCenterLink)$td.Login $qualityCenterUsername, $qualityCenterPasswordPowershell thinks thinks these are variable next to each other, with a comma separating two of themmaybe put $td.Login ($qualityCenterUsername, $qualityPasswrod)Maybe you can do $td | get-member, may that will show you how the arguments should look. I have neverused the OTA, just guessing here.

• Reset Home Folder Permissions and ACLs spinning forever

  Hi, all.
  The performance of my Intel iMac (circa 2008 or so) had degraded quite a bit, so I decided it was time to reinstall Snow Leopard. Did so, then restored my apps and documents via Time Machine. Suddenly, it was impossible to launch most applications (Chrome, the App Store, etc.) Repairing permissions using Disk Utility did not help.
  Upon reading an article on this, I booted from the Snow Leopard disk, entered the Reset Password utility, and attempted to Reset Home Folder Permissions and ACLs. The process has been running for several hours with no end in sight and no error message. Is this normal? And if not, what should my next step be?
  Thanks so much!

  Do a force shutdown holding the power button and reboto to get into the machine (might have to hold Shift Key) and get a copy of your users files off and onto a external storage drive (not TimeMachine)
  Then start all over using this method select the entire drive to zero erase and install, that should clear the bad sector issue it appears your having.
  How to erase and install Snow Leopard 10.6
  Do not restore anything from TimeMachine, it's corrupted data, reinstall all apps fresh from original sources and only files (you know are good) from the storage drive.
  This is known as a "fresh install method" later you can update TM to backup this newer and cleaner configuration.
  Why is my computer slow?
  For Snow Leopard Speed Freaks
  once you get all tweaked, clone it.
  Most commonly used backup methods
  https://discussions.apple.com/community/notebooks/macbook_pro?view=documents

• Learning about Powershell and IPV6 for 70-410

  I was reading up on the 70-410 exam as I am trying to study up before I take it at the end of the month and it appears knowing Powershell and IPv6 is necessary. Alot of the links I've searched don't seem to cover how Powershell interacts with managing
  a Server 2012 R2 machine and cover things like scripting, etc. Also, I want to know how would one study IPv6 since this is also important to the exam.

  Hi Matthew,
  For IPV6 you can read:
  " http://technet.microsoft.com/en-us/library/dn610908.aspx  " 
  The best way to study PowerShell is to practice with PowerShell (i.e. Configure the Server Core). This is what I did. :)  Good Luck 
  Greets,
  Kenan
  P.s. : " Training Guide: Installing and Configuring Windows Server 2012 " is a good book that can help you for preparing for 70-410 exam 

• Powershell and DB2

  Hi -
  I'm wondering if anyone has had any luck/experience with getting DB2 command file scripts to run via Powershell?
  In addition, I have a situation where I need to query two different DB2 databases for information.  First database has a list of customers that use a GUID for their identification.   I would like to run a Powershell/DB2 script to dump the
  list of customers to a .CSV file.
  I then need to hop over to another server and would like to run another Powershell/DB2 script that basically reads the .CSV file with list of customers and executes against another table on current server and matches the customer GUID identification against
  the GUID's in the current DB2 tables.    If these two databases where on the same servers, I could probably do a JOIN or something, but since they're not -- I have do to this mickey-mouse routine.
  Anyway, if anyone has any ideas, it would be greatly appreciated.   Trying to match up GUIDs to determine what customer is what is no fun and very tedious.
  I didn't write this software, do don't blame me! ;-)

  I've done a little with DB2 and powershell, the trick is to open the DB2 prompt, and then run powershell, that will allow you to run db2 commands in powershell.. if you run powershell and then db2, it doesn’t work...
  im not sure you really need that, you could probably just use ODBC or some other .NET database method.
  I've almost been able to rip the provider out of the a DB2 service pack so that I can run queries remotely. I've done it, just not sure exactly how I did it so I cant provide steps yet.
  very interested in the work youve done here.  do you have an update on this?

• Powershell Get-Acl not allowed Exception

  Hello
  On some objects, i get "Requested registry access is not allowed" with get-acl. But when i try to access to this object with regedit, i can enumerate Access rights.
  The perfect example is the command  get-acl hklm:\security
  i don't understand why i have sufficient access rights with regedit and not with Get-Acl ?

  Actually David is closer on that key>
  If we do this you will see also why:
  PS C:\scripts> `cd hklm:
  PS HKLM:\> dir
  Name                           Property
  BCD00000000
  HARDWARE
  SAM
  dir : Requested registry access is not allowed.
  At line:1 char:1
  + dir
  + ~~~
      + CategoryInfo          : PermissionDenied: (HKEY_LOCAL_MACHINE\SECURITY:String) [Get-ChildItem], SecurityExceptio
     n
      + FullyQualifiedErrorId : System.Security.SecurityException,Microsoft.PowerShell.Commands.GetChildItemCommand
  SOFTWARE                       (default) :
  SYSTEM
  PS HKLM:\>
  ¯\_(ツ)_/¯