Author Posts

December 31, 2014 at 1:37 am

Hello PowerShell gurus,

I'm a newb on Powershell, looking for a function/script that accomplishes the following:

Input is a folder or UNC path (get-childitem)
The output should look like this (csv format, I need to import it in Excel or Access later on), i.e. an entry for each user/group that has access to the folder.

"d:\MyPath\MyFolder","NT AUTHORITY\SYSTEM","Allow","Full Control"
"d:\MyPath\MyFolder","ACME\Helpdesk","Allow","ReadAndExecute"
"d:\MyPath\MyFolder","ACME\Helpdesk","Allow","Synchronize"
"d:\MyPath\MyFolder","ACME\Domain Admins","Allow","Full Control"

I think it would require to rewrite the scriptproperty 'AccessToString' from the get-ACL cmdlet.
Anyone know how to do this (or has another neat solution) ?

tx.
BB

December 31, 2014 at 4:50 am

Here's a simple example:

$Path = 'D:\MyPath\MyFolder'
$CSVPath = 'C:\MyPath\Acl.csv'
$ACL = Get-Acl -Path $Path 

foreach ($Entry in $ACL.Access)
{
    [PsCustomObject]@{
        Path = $Path
        IdentityReference = $Entry.IdentityReference
        AccessControlType = $Entry.AccessControlType
        FileSystemRights  = $Entry.FileSystemRights
    } | Export-Csv -Path $CSVPath -NoTypeInformation
}

December 31, 2014 at 5:02 am

If you want to make a reuseable function though, you can take Matt's excellent example a little further:

Function Get-FolderACL{[cmdletbinding[]]

    Param[
            [Parameter[Mandatory=$True,ValueFromPipeline=$True,ValueFromPipelineByPropertyName=$True]][ValidateNotNullorEmpty[]][string[]]$Path
    ]#EndParam


        $Directory = Get-Acl -Path $Path

        ForEach[$Dir in $Directory.Access]{
            [PSCustomObject]@{
                Path = $Path
                Group = $Dir.IdentityReference
                AccessType = $Dir.AccessControlType
                Rights = $Dir.FileSystemRights
                }
        }#EndForEach

}#EndFunction

Jeff Hicks just wrote an excellent article on building advanced functions. I highly recommend you give it a read:
http://www.petri.com/creating-advance-functions-powershell.htm?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Petri+%28Petri+IT+Knowledgebase%29

January 1, 2015 at 5:57 am

You should also check Raimund Andrée's "File System Security PowerShell Module 3.2.2 " https://gallery.technet.microsoft.com/scriptcenter/1abd77a5-9c0b-4a2b-acef-90dbb2b84e85 on Microsoft's website.

He updated it about two weeks ago. I had built a number of functions similar to yours, but will now use this module instead.

January 2, 2015 at 2:39 pm

What if we need not only the .identityreference property but also all members in case it is a group? How do get this out? Can we somehow incorporate the below in the get-acl code?

{Get-CimInstance -ClassName Win32_Group -Filter "Name = 'Adminis'" Get-CimAssociatedInstance -InputObject $group -ResultClassName Win32_Group | select -ExpandProperty Caption}

Also when to use [PSCustomObject]@{} rather than Select-Object @{}?

January 5, 2015 at 11:10 pm

Thank you all for your input; it has been very helpful.
I'm definitely going to look into the Filesystem security module, because it seems to address some issues I came accross too (e.g. long pathnames)