NobleMoose

Reputation: 1

Script to pull the ACL on all folders of a network drive and list file path, security group, and users in the security group

The script runs to the end point and returns multiple values for a single file path; unsure if this is just how it's providing the output for the file path or if it is locked into that folder and looping.

Have been unable to successfully filter out Domain Users, Admin and other groups listed on all folders to get just the restricted-access SGs.

Edit: I copied the script I had messed with a little while trying to get this working; it is not the most recent, somewhat working version, which is updated below.

#Start Folder#
$startpoint = "<filepath here>"

#Define function for filepaths#
# Top-level subfolders only (no -Recurse here); PSIsContainer keeps directories
$Filepath = Get-ChildItem -path $startpoint | Where {$_.PSIsContainer} | select fullname

#Find ACL for each filepath#
# NOTE: $ACLObjects is overwritten on every pass, so once the loop ends it holds
# only the ACL of the last folder, and $folder is left pointing at that last
# folder. That is why the output below repeats the same final path.
ForEach ($Folder in $Filepath) {
   $ACLObjects =  Get-Acl $folder.fullname
    }

#Pull information from ACLs#
foreach ($acl in $ACLObjects)  {
    $accessEntries = $acl.Access
    # $IdentityReference is never assigned anywhere, so $GroupName is unused
    $GroupName = [System.Security.Principal.NTAccount]$IdentityReference.Value
    Write-Host "For Folder:" $folder.FullName
    $accessEntries | ForEach-Object {
        Write-Host "Group Name: $($_.IdentityReference.toString().split('\')[1])"
        Write-Host "Access Rights: $($_.AccessControlType) $($_.FileSystemRights)"
        Write-Host "List of Users:"
        # The Where filter runs on the AD member objects returned by
        # Get-ADGroupMember, which have no IdentityReference property, so the
        # -notin test is always true and nothing is excluded. To skip BUILTIN /
        # Domain Users entries the test has to be made on the ACE ($_) before
        # Get-ADGroupMember is called.
        Get-ADGroupMember -Identity $_.IdentityReference.toString().split('\')[1] -recursive| Where {$_.identityreference -notin @("BUILTIN\Administrators", "BUILTIN\Users", "NT AUTHORITY\SYSTEM", "System", "domain users")}| Select-Object -ExpandProperty Name
        Write-Host " "
    }
    Write-Host " "
}

This was the last run; it pulls the users from the Domain Users SG but is stuck on the final folder in the path.

Upvotes: 0

Views: 3452

Answers (1)

NobleMoose

Reputation: 1

Figured this one out; posting in case others need it.

#Start Folder#
$startpoint = "<filepath here>"

# Get-ADGroupMember comes from the RSAT ActiveDirectory module
Import-Module ActiveDirectory

#Function for filepaths#
# -Directory -Recurse walks every subfolder under the start point
$Filepath = Get-ChildItem -path $startpoint -Directory -recurse | select fullname

#Find ACL for each filepath#
# The reporting loop now sits inside this ForEach, so each folder's ACL is
# handled before moving on to the next one instead of only the last folder
ForEach ($Folder in $Filepath) {

    $ACLObjects = Get-Acl $folder.fullname

    #Pull information from ACLs#
    foreach ($acl in $ACLObjects) {
        $accessEntries = $acl.Access
        Write-Host "For Folder:" $folder.FullName
        $accessEntries | ForEach-Object {
            # Strip the DOMAIN\ prefix to get the sAMAccountName for the AD lookup
            $groupname = $_.IdentityReference.toString().split('\')[1]
            Write-Host "Group Name: $groupname"
            Write-Host "Access Rights: $($_.AccessControlType) $($_.FileSystemRights)"
            Write-Host "List of Users:"
            # Direct members only (no -Recursive), so users in nested groups are
            # not shown. Identities that are not AD groups (BUILTIN\Administrators,
            # NT AUTHORITY\SYSTEM, a user granted directly) raise an error here and
            # the loop moves on; -ErrorAction SilentlyContinue hides that noise.
            Get-ADGroupMember -Identity $groupname -ErrorAction SilentlyContinue | Select-Object Name
            Write-Host " "
            Write-Host "----------------------------------------------------------"
            Write-Host " "
        }
        Write-Host " "
    }
}

Upvotes: 0
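For the filtering the question asks about, here is an added example (my own code, not part of the original question or answer). The reason Domain Users, BUILTIN\Administrators and similar principals show up on every folder is that they are inherited from the share root, so the script keeps only explicit ACEs (`IsInherited -eq $false`), which is where a restricted-access group is actually assigned. It also drops a list of well-known principals, expands domain groups to user accounts with `Get-ADGroupMember -Recursive` (with a cache so a group granted on many folders is queried once), and emits objects instead of Write-Host text so the result can go to Export-Csv. It assumes the RSAT ActiveDirectory module is installed, that the account running it can read ACLs on the share and query AD, and that the script is saved under a name such as `Get-FolderAclReport.ps1`; the `$DefaultPrincipals` list and the `Resolve-Members` helper are names I chose for this example.

```powershell
# Added example, not from the original post: report explicit (non-inherited)
# ACEs on every folder under a share, skip default principals, and expand
# domain groups to their user members.
# Assumptions: RSAT ActiveDirectory module present; the caller can read ACLs on
# the share and query AD; $StartPoint is the share root (e.g. \\server\share).
param(
    [Parameter(Mandatory)][string]$StartPoint,
    [string]$OutCsv = 'folder-acl-report.csv'
)
Import-Module ActiveDirectory -ErrorAction Stop

# Principals present on nearly every folder that are not "restricted access"
# groups. This list is an assumption for the example; adjust it for your site.
$DefaultPrincipals = @(
    'BUILTIN\Administrators', 'BUILTIN\Users', 'NT AUTHORITY\SYSTEM',
    'NT AUTHORITY\Authenticated Users', 'CREATOR OWNER', 'Everyone'
)
$DomainNetBios = (Get-ADDomain).NetBIOSName
$DefaultPrincipals += "$DomainNetBios\Domain Users", "$DomainNetBios\Domain Admins"

# Cache group expansions so a group granted on 500 folders is queried once.
$MemberCache = @{}
function Resolve-Members {
    param([string]$Sam)
    if (-not $MemberCache.ContainsKey($Sam)) {
        try {
            # Confirm the principal is a group; a user granted directly has no
            # members to expand and Get-ADGroup throws for it.
            $null = Get-ADGroup -Identity $Sam -ErrorAction Stop
            $MemberCache[$Sam] = @(Get-ADGroupMember -Identity $Sam -Recursive |
                Where-Object { $_.objectClass -eq 'user' } |
                Select-Object -ExpandProperty SamAccountName)
        } catch {
            $MemberCache[$Sam] = @()   # not a group (or not found): report it alone
        }
    }
    return $MemberCache[$Sam]
}

# Include the root itself: that is where the inherited defaults are set.
$Folders = @(Get-Item -LiteralPath $StartPoint) +
           @(Get-ChildItem -LiteralPath $StartPoint -Directory -Recurse)

$Report = foreach ($Folder in $Folders) {
    $Acl = Get-Acl -LiteralPath $Folder.FullName
    foreach ($Ace in $Acl.Access) {
        # Inherited ACEs repeat the parent's entries on every child; only
        # explicit entries show where access was deliberately granted or cut.
        if ($Ace.IsInherited) { continue }
        $Id = $Ace.IdentityReference.Value
        if ($DefaultPrincipals -contains $Id) { continue }

        # Only DOMAIN\name principals can be expanded through AD. Local accounts
        # and orphaned SIDs (shown as S-1-5-21-...) are reported without members.
        $Members = @()
        if ($Id -like "$DomainNetBios\*") {
            $Members = Resolve-Members -Sam ($Id.Split('\')[1])
        }
        [PSCustomObject]@{
            Folder      = $Folder.FullName
            Principal   = $Id
            Type        = $Ace.AccessControlType
            Rights      = $Ace.FileSystemRights
            Inheritance = $Ace.InheritanceFlags
            Members     = ($Members -join ';')
        }
    }
}

$Report | Export-Csv -LiteralPath $OutCsv -NoTypeInformation
$Report | Format-Table -AutoSize
```

Run it as `.\Get-FolderAclReport.ps1 -StartPoint '\\fileserver\share'` (hypothetical path). Because the root folder is included, the defaults that every subfolder inherits still appear once, on the root row, so nothing is silently lost; every other row is a place where someone broke inheritance or added an entry, which is exactly the set of restricted-access groups the question is after. Deny entries are kept and flagged in the Type column, since a Deny on a subfolder is as interesting for an access review as an extra Allow. If you want the full picture including inherited entries, drop the `IsInherited` test.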
