When I look at a file or folder in Windows explorer, it generally shows the Owner as a specific user; in my environment, showing as <domain>\<username>. It shows this information both when I add the Owner column to a folder view, and by right-clicking on a file and looking at the Details tab. I think this is what most people expect to see when they think about the Owner of a file or directory.
I want to grab this owning-user information for a large number of files and folders. However, when I do what every tutorial, blog post and forum answer suggests to get the Owner programmatically in powershell, it shows the Owner as BUILTIN\Administrators:
PS:>Get-Item '.\file.txt' | Get-Acl | Format-List
Path : Microsoft.PowerShell.Core\FileSystem::Z:\path\to\file.txt
Owner : BUILTIN\Administrators
Group : <domain>\Domain Users
Access : NT AUTHORITY\SYSTEM Allow FullControl
BUILTIN\Administrators Allow FullControl
<domain>\<myusername> Allow FullControl
Audit :
Sddl : <lots of fancy letters>
There are various posts around which explain why this happens (TL;DR: items created by users who are members of the Administrators group), so don't need to retread that here. And I can see that the info I'm really looking for is there as one of the System.Security.AccessControl.FileSystemAccessRule objects under the Access property. I am considering workarounds including filtering BUILTIN / NT AUTHORITY records out of the Access list, or perhaps filtering on a class as in this helpful question.
However, those solutions seem both inefficient and inelegant. In the UI, Windows seems to "know what I mean" when I want to see the Owner of an item. So it seems really strange that there's no more straightforward way to grab that information in code.
Where does Explorer pull its Owner information from? Is it really doing some kind of inefficient, heuristic list-filtering under the hood as well?
Or must there not be direct way to approach this?
Solutions in powershell, c# or any .net language gratefully received!
Tried and failed:
The solution in this question of calling .GetAccessControl().GetOwner(typeof(System.Security.Principal.SecurityIdentifier)) first, and then .Translate(typeof(System.Security.Principal.NTAccount)) on the result, has not worked for me; still outputs only BUILTIN\Administrators.
cmd.exe's dir <file> /Q gives the same, as suggested in various places including this answer.
Have also found that $file.GetAccessControl() yields the same, unhelpful info as the Get-Acl commandlet.
