Windows File Properties View of File Properties from

Windows File Properties

View of File Properties from File Explorer

Basic Properties (since DOS 1. 0) • Archive - marks the file as changed. Should be backed up • Read. Only - File cannot be modified • Hidden - file will not show up on a regular directory scan but will with get-child. Item -hidden won’t be accidentally erased • System -Marks file as a “System” file. Normally hidden and behaves as Read. Only It’s ridiculously difficult to use Power. Shell to change these, so we use the old DOS attrib command instead.

Attributes covered: • • • Archive file has changed. It should be backed up Compressed file has been compressed by Compact utility Directory can only be set when creating a directory Hidden file does not show up. Use get-childitem –hidden switch Read. Only file cannot be modified System file is essential for OS settings, user profiles, security… turn off, modify, turn on in order to change. Attributes not covered: • • I content indexed X not scrubbed P/U pinned or not pinned O Offline Encrypted Reparse. Point Sparse. File Temporary

Syntax of attrib [+|-]A [+|-]R [+|-]H [+|-]S attrib file. Pattern #Shows all matching files whether hidden or not file. Patterns in Windows include the use of ? And *, but do not include {} like you find in Unix, ie: ls *. {c, txt, report}. That means that since attrib only accepts one file pattern you may need to use attrib several times to change all the files that you want.

get-Child. Item can select files by attributes Get-Child. Item file. Pattern -attributes hidden, readonly, !archive, system+compressed #The comma operator ors attributes #The plus operator ands attributes #The ! Operator negates attributes Get-Child. Item #only non-hidden files Get-Child. Item –hidden #only hidden files Get-Child. Item -attributes !hidden, hidden #this is how we get both Get-Child. Item -attributes archive+system #+ ands attributes #BOTH are req’d Get-Child. Item -attributes directory, symbolic. Link

The Compressed Property compact /c files #Compact is a Windows Utility, not Power. Shell get-Child-Item -Attributes Compressed • Like attrib, compact is a Windows Utility, not Power. Shell • Compact saves space on the disk and can be applied to whole folders or the entire disk • The only easy way to determine the space saving is thru File Explorer • Power. Shell can detect a compressed file only thru the –Attributes switch

Creating and deleting a symbolic link New-item -type symbolic. Link -path my. Sym –target ` $HOMEDocumentsessay. docx remove-Item my. Sym • You have to have admin privileges to create or delete symbolic links. It’s a security issue more likely to happen in Windows than in Unix known as symlink racing. • Unlike Unix where symbolic links show all permissions turned on, ie: lrwxrwxrwx, symbolic links show the same mode as their target

Showing attributes Get-childitem essay. docx, mysym Mode darhs larhs Last Write Time 2020 -09 -15 11: 25 2020 -09 -16 11: 27 Length Name 3422 0 essay. docx mysym • The 1 st character is either d for directory or l for symbolic link • The mode values of symbolic links always match. Length and times don’t • Symbolic links cannot be selected through the –Attributes switch

Properties Discoverable from get-child. Item • Times • creation. Time. UTC • Last. Access. Time. UTC • Last. Write. Time. UTC • Exists • is. Read. Only • Length • Mode • Attributes

Name Properties of a File (or Files) • Name • Extension • Base. Name • Directory • PSDrive (a, b, c etc) • Full. Name (all of drive, directory, basename, extension)

Working with Individual file properties #Power. Shell represents the file as an object Write-host Hello >> eg. txt #Append to the file $x=get. Child. Item eg. txt $x. length $x. base. Name #Try out different properties……

Easy to work with multiple files to retrieve values $x=get-Child. Item *. txt $x+=get-Child. Item *. docx $x+=dir *. jpg #yes, you can use synonyms $x #shows the whole collection (Assuming the above gives >1 files) $y=$x. name #retrieves an array of names $y. get. Type() $y[0]. get. Type() #An array object #A string

Check get-Member to see which properties are setable Script Block

To set values for single items is easy $file=dir eg. txt $file. creation. Time=get-date –year ((get-date). year-1) $file. is. Read. Only=$true $file. Extension='stuff’ #oops! Invalid. Operation: 'Extension' is a Read. Only property: get but no set

Single items vs multiple items. (get-Child. Item my. File. docx). get. Type() System. IO. File. System. Info (get-Child. Item *). get. Type() #as long as this returns more than 1 file System. Array (get-Child. Item *)[0], (get-child. Item). length myfirst File, 89 #Your results will vary

To set values for multiple items requires a loop $filez=get-Child-Item foreach($file in $filez) { $file. Last. Write. Time =get-date $file } Script Block #pay close attention to the explanation of this! dir * | foreach-object –Process { $_. last. Write. Time=get-date –year ((get-date). year – 1) $newname= $env: username + ‘-’ + $_. name Current move-item $name $newname –passthru } Object Move-item is usually silent

Where-object (alias where, ? ) Filtering based on properties #Let’s create a bunch of files foreach($value in 1. . 20) { new-item “$value. stuff”, ”$value. other” –type file } #Let’s try filtering the files by the basename dir | where-object –prop basename -le 12 #oops! Didn’t quite work dir | ? { [int]$_. base. Name -le 12 } #much better! dir | ? { ([int]$_. base. Name -le 4) -or ([int]$_. base. Name –ge 17)} dir | ? { $_. base. Name -match “^[0 -9]{2}$” #regular expression

And one more thing… #I’m lazy about typing in “ “ every time. Let Power. Shell do the work! $animals="ant, baboon, cheetah, dog, elephant, giraffe, horse, ibex, jaguar, koala, llama, moose, narwhale, octopus, python, quail, rat, spider, tiger" ` –split ‘, ’ $list 1 $list 2 $list 3 $list 4 = get-random $animals -count 10 = $animals | where-object { $_ -like ‘*a*’ } = $animals | where {$_. length –le 6 } = $animals | ? { (get-random 100) –lt 30 }

One more thing… Get-Child. Item -Help any. Command -? # common switches Get-Command filepattern #summarizes all matching commands & functions Get-Child. Item | select-object -first 5 Get-Child. Item | select-object -tail 5 #Implements the head cmd #Implements the tail cmd dir | get-member -Member. Type Method, Script. Property, Note. Property, Property

Part II: Access Control Lists: Access Rights

View of Access Control Levels from File Explorer

Access Control Levels Full. Control implies all of these. Inherit is an additional property for folders. If this is set on a given folder, all subfolders inherit the permissions of the parent. Diagram Source: Adam the Automator

Access Control Levels Summarized Level Explanation Full Control All of the Below, Change Ownership, Change ACL Modify Create, Edit, Delete files and folders + a combination of Read and Write Read and Execute Read and execute files, permissions and attributes. Includes Read and Write ‘Traverse Folders’ means you can navigate from this folder to a subfolder without necessarily having the right to view this folder. In Unix terms: - - x permissions for a directory Read You can look at stuff, display it but you can’t change it. Write You can create stuff, use the attrib command to change properties, add to it, but you can’t look at the existing contents of a file or folder.

Review existing Users and Groups Get-local. User Get-local. Group New-local. Group –name Investors -description ‘ppl with money’ New-local. Group –name Developers -description ‘Cool Coders’ New-local. Group -name Accountants –desc ‘Follows the $’ Add-local. Group. Member -member Joe, ’Cindy Lu’ –group Home. Users Remove-local. Group. Member –member Sam, Raji –group Home. Users #A group member shares all the privileges given to a group

Retrieving ACL Objects $x=get-ACL file. Name #start with 1 file $x. owner #We’re only concerned with these 3 $x. group $x. access $y=get-ACL file. Pattern #Can use. get. Type() to see $y is a System. Array $y[0]. owner $y[0]. group $y[0]. access

Changing ACLs: Three Approaches • Steal and modify an existing ACL Entry (easy) • (get-acl Homestudent). owner NT AUTHORITYSYSTEM #home directories are owned by the SYSTEM • (get-acl homestudentDocuments). owner #anything below that – the user DESKTOP-B 2 Q 8 KHBstudent • Create one from scratch (much harder) • Icacls. exe (Think of it as attrib for ACLs)

Changing File Ownership: Stealing It #Changing File Ownership – you need to be Admin #User is student New-item eg 1. txt -type file #Make sure the file exists. $other. ACL=get-acl c: usersdemodocuments $my. ACL=get-acl eg 1. txt #This makes a copy of the ACL object $my. Acl. set. Owner($other. ACL. get. Owner([System. Security. Principal. NTAccount]) set-acl eg 1. txt $my. ACL -passthru DESKTOP-B 2 Q 8 KHBdemo #You can reuse this on other files

Changing File Ownership: icacls. exe This is a utility, like attrib, which has been around since Windows Vista. It’s much easier to use that Power. Shell commands and can be put in scripts icacls filepattern /setowner user #changes the file’s owner icalcls folder #: e enables inheritance #: d disables : r removes /inheritance: e icacls filepattern /grant entity: ’(perm)’ #perm is a list of N F M RX R W X or D icacls filepattern /remove entity #deletes the user entirely from the file icacls filepattern /revoke entity: ’(perm)’ #for fine tuning subprivileges icacls documentation #entity can be a user or a group #Everyone is a group – like Unix other

Displaying ACL Rights $x=(get-ACL filename). Access $x is an Authorization. Rule. Collection of File. System. Access. Rule$y $x | get-member -property #show the properties #The following is useful to know $x | select Identity. Reference, Is. Inherited, File. System. Rights

Using Power. Shell to Redefine Access Rights See: example This is where I got the ideas for the example: https: //4 sysops. com/archives/create-a-new-folder-and-set-permissions-withpowershell/

End of File Properties