Check value against array of values

This topic contains 1 reply, has 1 voice, and was last updated by Profile photo of Pieter Pessemier Pieter Pessemier 8 months, 2 weeks ago.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #33695
    Profile photo of Pieter Pessemier
    Pieter Pessemier
    Participant

    Hi,

    I can't seem to figure out how to match a value against an array of values in the where clause.
    Basically I want to check the NTFS permissions on each folder against a list of excluded keywords.
    For example: If the account BUILTIN\Administrators has rights on a subfolder it should be omitted, because the array $ACLExcludes contains the keyword "BUILTIN".

    This is my code:

    Clear-Host
    
    Function Get-MyChildItem
    {
      param
      (
        [Parameter(Mandatory = $true)]
        [String]$Path,
        [System.Int32]$MaxDepth = 3,
        [System.Int32]$Depth = 0
      )
    
        $Depth++
    
        if ($Depth -le $MaxDepth)
        {
            try
            {
                $Subfolders = Get-ChildItem -path $Path -Directory -ErrorAction stop
                foreach ($SubFolder in $SubFolders)
                {
                    Write-Host $Subfolder.FullName -BackgroundColor Green
                    (Get-Acl $Subfolder.FullName).Access | Where { $_.identityreference.value -notmatch $ACLExcludes } | foreach { Write-Host $_.identityreference.value }
                    Get-MyChildItem -Path $SubFolder.FullName -Depth $Depth -MaxDepth $MaxDepth
                }
            }
            catch
            {
                Write-Host "An error occurred for folder" $SubFolder.FullName ":" $_ -BackgroundColor Red
            }
        }
    }
    
    $RootFolder = "C:\ROOTFOLDER"
    $ACLExcludes = "BUILTIN","NT AUTHORITY","CREATOR OWNER"
    Get-MyChildItem -Path $RootFolder -MaxDepth 2
    
    #33711
    Profile photo of Pieter Pessemier
    Pieter Pessemier
    Participant

    I just found the answer myself:

    Function Get-MyChildItem
    {
      param
      (
        [Parameter(Mandatory = $true)]
        [String]$Path,
        [System.Int32]$MaxDepth = 3,
        [System.Int32]$Depth = 0
      )
    
        $Depth++
    
        if ($Depth -le $MaxDepth)
        {
            try
            {
                $Subfolders = Get-ChildItem -path $Path -Directory -ErrorAction stop
                foreach ($SubFolder in $SubFolders)
                {
                    
                    $Permissions = (Get-Acl $Subfolder.FullName).AccessToString.Split("`r`n") | Select-String -pattern $ACLExcludes -NotMatch
                    If ($Permissions.count -gt 0)
                    {
                        Write-Host $Subfolder.FullName -BackgroundColor Green
                        Write-host $Permissions
                    }
                    Get-MyChildItem -Path $SubFolder.FullName -Depth $Depth -MaxDepth $MaxDepth
                }
            }
            catch
            {
                Write-Host "An error occurred for folder" $SubFolder.FullName ":" $_ -BackgroundColor Red
            }
        }
    }
    
Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.