Learn Fix: Get-ChildItem : Access denied

Q: How do I list files only in directories I can access without errors?

Use a two-step approach: first enumerate directories with -ErrorAction SilentlyContinue, then get files from each accessible directory. Alternatively, use [System.IO.Directory]::GetFiles() and [System.IO.Directory]::GetDirectories() from .NET, which handle access-denied paths more gracefully by returning partial results without exceptions.

Fix These Errors

Get-ChildItem : Access denied

DodaTech 3 min read

The “Get-ChildItem : Access denied” error occurs when your user account lacks permission to enumerate the targeted files or system directories.

What It Means

Get-ChildItem recursively traverses the filesystem, attempting to read every directory and file. When it encounters a directory whose security descriptor denies your user the Read or List permission, .NET throws an UnauthorizedAccessException. This is especially common when scanning system directories like C:\Windows\System32\config, C:\ProgramData, or C:\Users\*\AppData — some subdirectories are protected even from administrators.

Why It Happens

Your user account lacks read or list permissions on the target directory.
The directory is owned by SYSTEM or TrustedInstaller and is not accessible.
A child directory inherits restricted permissions from a parent.
The file or directory is encrypted with EFS and you are not the encrypting user.
Antivirus software intercepts file system access and blocks enumeration.
You are accessing a network share where the remote permissions are insufficient.
The directory is a reparse point (junction, symlink) pointing to a protected location.

How to Fix It

1. Use `-ErrorAction SilentlyContinue` to skip inaccessible paths

# Skip directories you cannot access
Get-ChildItem -Path "C:\" -Recurse -ErrorAction SilentlyContinue

2. Run PowerShell as Administrator

# Right-click PowerShell and select "Run as administrator"
# Or start a new admin session
Start-Process powershell -Verb RunAs

3. Exclude known system directories

# Skip protected directories explicitly
Get-ChildItem -Path "C:\Windows" -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.FullName -notmatch "\\System32\\config|\\WinSxS" }

4. Target only specific directories

# Instead of scanning the entire drive, scan known-accessible paths
$targets = @(
    "C:\Users\$env:USERNAME\Documents",
    "C:\Program Files\MyApp",
    "D:\Data"
)

$targets | ForEach-Object {
    Get-ChildItem -Path $_ -Recurse -ErrorAction SilentlyContinue
}

5. Check and modify directory permissions

# Check current ACL
Get-Acl -Path "C:\RestrictedFolder" | Format-List

# Grant read access (requires admin)
$acl = Get-Acl "C:\RestrictedFolder"
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    "$env:USERNAME", "Read", "ContainerInherit,ObjectInherit",
    "None", "Allow"
)
$acl.SetAccessRule($rule)
Set-Acl -Path "C:\RestrictedFolder" -AclObject $acl

6. Use `-Depth` to limit recursion depth

# Only go one level deep
Get-ChildItem -Path "C:\Users" -Depth 1

Why does Get-ChildItem show access denied even when I run as Administrator?

Some Windows system directories are protected by TrustedInstaller or have ACLs that explicitly deny all users, including administrators. Folders like C:\Windows\System32\config\RegBack, C:\Windows\CSC, and C:\System Volume Information require taking ownership before access. Use -ErrorAction SilentlyContinue for recursive scans of the entire system drive.

Does -ErrorAction SilentlyContinue suppress all errors, not just access denied?

Yes — it suppresses all non-terminating errors for that command. Use it carefully because it can hide genuine problems like invalid paths or disk errors. For more granular control, use a try/catch block or filter errors with -ErrorVariable: Get-ChildItem -Path "C:\" -ErrorVariable errs -ErrorAction SilentlyContinue captures only the errors without stopping execution.

How do I list files only in directories I can access without errors?

Use a two-step approach: first enumerate directories with -ErrorAction SilentlyContinue, then get files from each accessible directory. Alternatively, use [System.IO.Directory]::GetFiles() and [System.IO.Directory]::GetDirectories() from .NET, which handle access-denied paths more gracefully by returning partial results without exceptions.

Previous fatal: detected dubious ownership in repository Next java.lang.UnsupportedOperationException

Built by the developers of DodaTech

Doda Browser, DodaZIP & Durga Antivirus Pro

Home Browse Fix These Errors