Get-ACL only creates an empty DirectorySecurity object

Hello everyone,

I have been working on a PSU App which basically reads and writes a database based on specific parameters etc. One step of that process is reading a database table that contains a UNC path of folders. The app must read the ACLs on all these UNC paths and compare them with the entries in another table. I have written a function that creates a New-PSDrive for the root folder. That’s necessary as I have to pass credentials to be able to browse all those folders. It works totally fine when I run the function manually or by calling it from another script. However, once I call that function within a page of my PSU app, the function always returns an empty DirectorySecurity object. I tried to call Get-ACL directly (without using an extra function) with the same result. A very easy test is:

$acl = Get-Acl -path 'C:\'
Show-UDToast ($ACL).Owner
Wait-Debugger

Calling $acl in debugger shows this:

It does not matter what path I try. It is always the same result. The weird part is that the variable $acl exists but has no value. If it was completely empty ($null) I would have looked for errors during the Get-ACL command, but it runs without any errors. I am also able to run a Get-ChildItem of the New-PSDrive path. I am just not able to get the ACLs for some reason. Am I missing something here? Or does it work as designed as some kind of a security feature?

EDIT: I just came across this thread: Get-Acl not working correctly in PowerShell 7 enviroments · Issue #2482 · ironmansoftware/issues · GitHub. Seems like a known, documented issue. Sorry :)

Product: PowerShell Universal
Version: 1.4.6

Just in case someone else runs into this issue:
As mentioned in the GitHub Thread - it works after switching back to PS 5.1 environment. However, if that is not possible in your PSU app for whatever reason, another workaround is to create an additional powershell.exe process, run the Get-ACL, export the result to JSON and import the JSON file(s) back as an object.

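# Build the command in the parent: a single-quoted string would hand the literal text $UNC_path to the child, where it is undefined.
$quotedPath = "'" + $UNC_path.Replace("'", "''") + "'"
$arg = "Import-Module Microsoft.PowerShell.Security -RequiredVersion 3.0.0.0; Get-ACL -path $quotedPath | Select-Object path, access | ConvertTo-json"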
Start-Process -FilePath 'powershell.exe' -ArgumentList $arg -NoNewWindow -RedirectStandardOutput ('C:\PSULogDir\ACLs\' + $folder.foldername + '.json') -RedirectStandardError ('C:\PSULogDir\ACLs_Errors\' + $folder.foldername + '.json')

If you have multiple folders you should change the process’ argumentlist to run a loop rather than putting the start-process into a loop.
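The single-process loop suggested in the last post, as an added example that is not part of the original thread: one powershell.exe child reads every folder's ACL and hands the results back as JSON. The folder paths travel as JSON data in a temporary file rather than being spliced into the command string, so a path containing quotes or semicolons cannot change what the child executes. Assumptions: the sample paths are constructed, the environment variable names `PSU_ACL_INPUT` and `PSU_ACL_OUTPUT` are hypothetical, and the account running the child can read the folders.

```powershell
# Constructed sample input; in the app these come from the database table.
$folders = @('\\fileserver\share\TeamA', "\\fileserver\share\O'Brien")

# Script for the Windows PowerShell 5.1 child; single-quoted here-string, nothing is expanded.
$child = @'
Import-Module Microsoft.PowerShell.Security -RequiredVersion 3.0.0.0
$paths = Get-Content -LiteralPath $env:PSU_ACL_INPUT -Raw -Encoding UTF8 | ConvertFrom-Json
$result = foreach ($p in $paths) {
    try {
        $acl = Get-Acl -LiteralPath $p -ErrorAction Stop
        [pscustomobject]@{
            Path   = $p
            Error  = $null
            Access = @($acl.Access | ForEach-Object {
                [pscustomobject]@{
                    Identity  = $_.IdentityReference.Value
                    Rights    = $_.FileSystemRights.ToString()   # enum name, not the raw integer
                    Type      = $_.AccessControlType.ToString()
                    Inherited = $_.IsInherited
                }
            })
        }
    } catch {   # keep going: one unreadable folder must not hide the others
        [pscustomobject]@{ Path = $p; Error = $_.Exception.Message; Access = @() }
    }
}
ConvertTo-Json -InputObject @($result) -Depth 4 | Set-Content -LiteralPath $env:PSU_ACL_OUTPUT -Encoding UTF8
'@

$inFile  = (New-TemporaryFile).FullName
$outFile = (New-TemporaryFile).FullName
try {
    ConvertTo-Json -InputObject @($folders) | Set-Content -LiteralPath $inFile -Encoding utf8
    $env:PSU_ACL_INPUT  = $inFile      # hypothetical variable names, inherited by the child
    $env:PSU_ACL_OUTPUT = $outFile
    # -EncodedCommand takes Base64 of the UTF-16LE script, so no quoting or escaping is involved
    $encoded = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($child))
    & powershell.exe -NoProfile -NonInteractive -EncodedCommand $encoded
    if ($LASTEXITCODE -ne 0) { throw "powershell.exe exited with code $LASTEXITCODE" }
    $acls = Get-Content -LiteralPath $outFile -Raw | ConvertFrom-Json
} finally {
    Remove-Item -LiteralPath $inFile, $outFile -ErrorAction SilentlyContinue
    Remove-Item Env:PSU_ACL_INPUT, Env:PSU_ACL_OUTPUT -ErrorAction SilentlyContinue
}
$acls | Where-Object Error | ForEach-Object { Write-Warning "$($_.Path): $($_.Error)" }
```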