Shares: Access mask

The access mask controls what you can do i.e. what rights you have. We can use the GetAccessMask method to find the access mask but all we get back is a number we need unravel it. The number id a bit mask with the following values assigned

$mask = DATA {
ConvertFrom-StringData -StringData @’
1 = Grants the right to read data from the file. For a directory, this value grants the right to list the contents of the directory.
2 = Grants the right to write data to the file. For a directory, this value grants the right to create a file in the directory.
4 = Grants the right to append data to the file. For a directory, this value grants the right to create a subdirectory.
8 = Grants the right to read extended attributes.
16 = Grants the right to write extended attributes.
32 = Grants the right to execute a file. For a directory, the directory can be traversed.
64 = Grants the right to delete a directory and all of the files it contains (its children), even if the files are read-only.
128 = Grants the right to read file attributes.
256 = Grants the right to change file attributes.
65536 = Grants delete access.
131072 = Grants read access to the security descriptor and owner.
262144 = Grants write access to the discretionary access control list (DACL).
524288 = Assigns the write owner.
1048576 = Synchronizes access and allows a process to wait for an object to enter the signaled state.
‘@
}

We can use the mask like this

We use invoke-wmimethod to get the mask and then compare the keys of our hash table against the access mask.

This returns the mask for the person running the script not the whole mask.