How can I compare against FileSystemRights using Powershell?


I want to check whether a given user has access to a given folder – by checking if they have “Modify” access assigned to them.

I thought that the PS for that would be:

But the final part of that isn’t working – I get back no result. But I know that they have Modify access – if I put in:

then I get back:

Is this because the FileSystemRights property is an enumeration? And if so, how do I test against it?


It’s a type problem. (Get-Acl .\myfolder).Access[].FileSystemRights is of type System.Security.AccessControl.FileSystemRights. It’s not really displaying a string. To make it a string, just use the ToString() method:

Or you can use the bitwise comparison method. However, it’s very easy to confuse when you want to use this:

With when you want to use this:

They have very different meanings. For example, if you have Full Control, the former test is still true. Is that what you want? Or do you want to know when the FileSystemRights are literally just Modify?

Also, [System.Security.AccessControl.FileSystemRights] is an incomplete enumeration. In my environment, I found I needed this table:

It’s interesting to compare the output of these:

The GENERIC rights are not enumerated in the .Net class, but you will see that numeric value if you enumerate enough files.

Good luck!


How can I compare against FileSystemRights using Powershell? by licensed under CC BY-SA | With most appropriate answer!

Leave a Reply