# get-aclで取得したアクセス権限(FileSystemRights)が、
# 32ビット整数(例:268435456)だった時の変換を行う関数
function map-acl ($aclnumber) {
# 権限と32bit整数の紐付けハッシュ
$accessMask = [ordered]@{
[uint32]'0x80000000' = 'Generic_Read' # 2147483648(読み込み同等)
[uint32]'0x40000000' = 'Generic_Write' # 1073741824(書き込み同等)
[uint32]'0x20000000' = 'Generic_Execute' # 536870912(実行同等)
[uint32]'0x10000000' = 'Generic_all' # 268435456(フルコン同等)
[uint32]'0x02000000' = 'MaximumAllowed' # 33554432(詳細不明。予約済みビット)
[uint32]'0x01000000' = 'AccessSystemSecurity' # 監査ログ出力設定
# [uint32]'0x00100000' = 'Synchronize'
[uint32]'0x00080000' = 'TakeOwnership'
[uint32]'0x00040000' = 'ChangePermissions'
[uint32]'0x00020000' = 'ReadPermissions '
[uint32]'0x00010000' = 'Delete'
[uint32]'0x00000100' = 'WriteAttributes'
[uint32]'0x00000080' = 'ReadAttributes'
[uint32]'0x00000040' = 'DeleteSubdirectoriesAndFiles'
[uint32]'0x00000020' = 'Traverse/ExecuteFile'
[uint32]'0x00000010' = 'WriteExtendedAttributes'
[uint32]'0x00000008' = 'ReadExtendedAttributes'
[uint32]'0x00000004' = 'CreateDirectories/AppendData'
[uint32]'0x00000002' = 'CreateFiles/WriteData'
[uint32]'0x00000001' = 'ListDirectory/ReadData'
}
# 2032137の場合フルコントロール。それ以外は
switch ($aclnumber) {
"2032127" {echo "FullControl";return}
}
# 入力された番号と配列を論理積でマッピング
$accessMask.Keys | ? { $aclnumber -band $_ } | % { $accessMask[$_] }
}
# 使用例
PS > map-acl 2032127
FullControl
PS >map-acl 268435456
Generic_all
