CODEWITHSUNDEEP
powershellacl
rschirin
rschirin

Reputation: 2049

Export/import ACL using csv

I want to export in a csv file the ACL of every subfolder starting from a root folder and then to import them of mirroring folders on another computer.

I'm using this code to export from C:\Users\user\Desktop\a :

Get-ChildItem "C:\Users\user\Desktop\a" -Recurse | ?{ $_.PsIsContainer } | %{
$Path = $_.FullName
# Exclude inherited rights from the report
(Get-Acl $Path).Access | ?{ !$_.IsInherited } | Select-Object `
    @{n='Path';e={ $Path }}, IdentityReference, AccessControlType, `
    InheritanceFlags, PropagationFlags, FileSystemRights
} | Export-CSV "C:\Users\user\Desktop\Permissions.csv"

and this code to import ACL:

$par = Import-Csv -Path "C:\Users\user\Desktop\Permissions.csv"
foreach ( $i in $par ) { 
    $path= $i.Path
    $IdentityReference= $i.IdentityReference
    $AccessControlType=$i.AccessControlType
    $InheritanceFlags= $i.InheritanceFlags
    $PropagationFlags=$i.PropagationFlags
    $FileSystemRights=$i.FileSystemRights
    echo $path $IdentityReference
    $acl = Get-Acl C:\Users\user\Desktop
    $permission = $i.IdentityReference,$i.FileSystemRights,$i.AccessControlType
    $accessRule = new-object System.Security.AccessControl.FileSystemAccessRule $permission
    $acl.SetAccessRule($accessRule)
    $acl | Set-Acl $path
}

Permissions.csv is something like this:

#TYPE Selected.System.Security.AccessControl.FileSystemAccessRule
"Path","IdentityReference","AccessControlType","InheritanceFlags","PropagationFlags","FileSystemRights"
"C:\Users\user\Desktop\a\b","DITOADMIN\pluto","Allow","None","None","ReadAndExecute, Synchronize"
"C:\Users\user\Desktop\a\b\c","DITOADMIN\pluto","Allow","ContainerInherit, ObjectInherit","None","ReadAndExecute, Synchronize"
"C:\Users\user\Desktop\a\b\c","DITOADMIN\admin","Allow","None","None","FullControl"
"C:\Users\user\Desktop\a\b\c","DITOADMIN\pippo","Allow","ContainerInherit, ObjectInherit","None","ReadAndExecute, Synchronize"

unfortunately, import action doesn't work since only last permission is imported (so only for pippo user and not for pluto).

anybody knows why?

Upvotes: 0

Views: 12967

Answers (2)

George Kuff
George Kuff

Reputation: 21

It's almost perfect. Here you add the permission from the CSV to the folder, but you keep the old permission on it. You dont "reset/copy" the ACL from one folder to the other.

So instead of getting the ACL of the receiving folder: $acl = Get-Acl $path

Ive create a new one: $acl = New-Object System.Security.AccessControl.DirectorySecurity

But then, i lose the Owner attribute. So i need a way to export the owner in the CSV with the rights..

Upvotes: 0

rschirin
rschirin

Reputation: 2049

I've fixed it. the problem was the line, the path I use here was wrong (should be the path from the CSV import)

$acl = Get-Acl C:\Users\user\Desktop
$permission = $i.IdentityReference,$i.FileSystemRights,$i.AccessControlType

I've changed with

$acl = Get-Acl $path
$permission = $IdentityReference, $FileSystemRights, $InheritanceFlags, $PropagationFlags, $AccessControlType

bye

Upvotes: 1

Related Questions