Martin_K

Reputation: 123

Auditing NTFS permissions using input list of folders

I'm trying to do an audit of some folders. I need to get the NTFS permissions of every folder listed in an input file. I have a folderlist.txt with folder paths.

This is the script I have:

$InputFile = "C:\Folderlist.txt"
$OutputFile = "C:\FolderPermissions.csv"
$FolderList = Get-Content $InputFile

ForEach ($Folder in $FolderList)
{
    $Permissions = (Get-ACL $Folder).access | ForEach-Object {$_ |
        Add-Member -MemberType NoteProperty -Name Folder -Value $Folder}
    $Report += $Permissions
}

$Report | Select-Object Folder,IdentityReference,FileSystemRights,IsInherited |
    Where {$_.Folder -ne $Null -and $_.IdentityReference -like "HARRAHS*" -and $_.IsInherited -ne "TRUE"} |
    Export-CSV $OutputFile -NoTypeInformation

but it does not give any output. I'm a PowerShell noob, can someone please guide me and tell me what I am doing wrong? The output I need is basically the name of the folder and the groups and users with permissions. E.g.:

Folder Path    IdentityReference    AccessControlType
C:\Folder1\    DOMAIN\User1         Read
C:\Folder1\    DOMAIN\Group1        Write
C:\Folder2\    DOMAIN\User2         Modify
C:\Folder2\    DOMAIN\Group2        Full

Any help is greatly appreciated. Thanks a lot.

Upvotes: 1

Views: 1089

Answers (1)

Ansgar Wiechers

Reputation: 200283

This is your culprit:

$Permissions = (Get-ACL $Folder).access | ForEach-Object {
  $_ | Add-Member -MemberType NoteProperty -Name Folder -Value $Folder
}

You pipe the ACEs into a loop where you add a property to each. However, the | Add-Member construct doesn't output the modified objects, so there's nothing left to be assigned to $Permissions.

This could be fixed by adding ; $_ after the Add-Member statement in order to re-inject the objects into the pipeline:

$Permissions = (Get-ACL $Folder).access | ForEach-Object {
  $_ | Add-Member -MemberType NoteProperty -Name Folder -Value $Folder; $_
}

I would, however, suggest a slightly different approach. Since you're filtering the object properties later on anyway, you could directly pipe the ACEs into the Select-Object cmdlet and add the path with a calculated property:

Get-Content $InputFile | % {
  $Folder = $_
  (Get-Acl $Folder).Access |
    Select-Object @{n='Folder';e={$Folder}}, IdentityReference,
                  FileSystemRights, IsInherited
} | ? {
  $_.Folder -ne $null -and
  $_.IdentityReference -like "HARRAHS*" -and
  $_.IsInherited -ne 'True'
} | Export-CSV $OutputFile -NoTypeInformation

Upvotes: 1
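
An added example, not part of the original question or answer: the same audit written so that a folder that is missing or unreadable produces an explicit error row instead of silently dropping out of the report, with the Allow/Deny type of each ACE included. It goes slightly beyond the answer's pipeline; the function name Get-FolderAce and the Status column are hypothetical, while the file paths and the "HARRAHS*" filter are taken from the post.

```powershell
# Added example: audit explicit (non-inherited) ACEs for the folders in a list.
# Assumptions: Get-FolderAce and the Status column are hypothetical names;
# the file paths and the "HARRAHS*" filter come from the post.
function Get-FolderAce {
    param(
        [Parameter(ValueFromPipeline)] [string] $Path,
        [string] $IdentityFilter = '*'
    )
    process {
        $folder = "$Path".Trim()
        if (-not $folder) { return }            # skip blank lines in the list
        try {
            # -ErrorAction Stop turns a missing path or an access-denied into
            # a catchable error, so the gap shows up in the report.
            $acl = Get-Acl -LiteralPath $folder -ErrorAction Stop
        } catch {
            [pscustomobject]@{
                Folder = $folder; IdentityReference = $null
                FileSystemRights = $null; AccessControlType = $null
                IsInherited = $null; Status = "ERROR: $($_.Exception.Message)"
            }
            return
        }
        $acl.Access |
            Where-Object { -not $_.IsInherited -and
                           $_.IdentityReference.Value -like $IdentityFilter } |
            ForEach-Object {
                [pscustomobject]@{
                    Folder            = $folder
                    IdentityReference = $_.IdentityReference.Value
                    FileSystemRights  = $_.FileSystemRights
                    AccessControlType = $_.AccessControlType   # Allow or Deny
                    IsInherited       = $_.IsInherited
                    Status            = 'OK'
                }
            }
    }
}

$InputFile  = 'C:\Folderlist.txt'
$OutputFile = 'C:\FolderPermissions.csv'
Get-Content $InputFile |
    Get-FolderAce -IdentityFilter 'HARRAHS*' |
    Export-Csv $OutputFile -NoTypeInformation
```

Rows with a Status other than OK are folders the audit could not read, which is worth reviewing separately because an unreadable ACL is itself a finding.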
