I need some serious help, I am a newb messing it up

This topic contains 1 reply, has 2 voices, and was last updated by random commandline 5 months, 1 week ago.

  • #63793
    BET
    Participant

    Okay, so I need some serious help here. I thought I could do this by taking some PowerShell code and script here and there and meshing it to fit my needs, but I have learned that it is not as easy as I thought. So I think I will be signing up for a class, but I would like to get this project I got myself into out of the way first. I am trying to put together a script that will do a search for types of log files, specifically the extension portion ".evtx .evt .etl .log .err", and then take those files and the folders that hold them and break down their permissions into a .csv file. Now, I have managed to find an awesome PS script for the folder portion that is EXACTLY what I need and want, but the issue is trying to find a command or script (if possible) to pipe the finding of the files to the second script, which gives me the permissions of the files and folders that I want. Below, you will see the script and you will also notice some lines that have been commented out. Those are some (mind you only some, I have about 15 other tabs opened) of the ways I have tried to make this work for me. Any help or suggestions would be much appreciated. Literally pulling out my hair, lol.

    #.\Get-FilesByExtension.ps1 -FolderPath 'C:\Windows\System32\winevt' -FileExtension '.evtx'
    $OutFile = "C:\manIsuck.csv" #Where I want the outputfile to go C:\test\tester and the name of it
    $Header = "Folder Path,IdentityReference,AccessControlType,IsInherited,InheritanceFlags,PropagationFlags,FileSystemRights"
    Del $OutFile -ErrorAction SilentlyContinue # no error if the file does not exist yet
    Add-Content -Value $Header -Path $OutFile
    $RootPath = "C:\Windows" #Where I want to look (where the.evtx .evt .etl )
    #Get-Acl C:\Windows\System32\winevt\Logs\*.evtx | Export-Csv C:\filename.csv
    $Folders = dir $RootPath -Recurse | where {$_.psiscontainer -eq $true}
    foreach ($Folder in $Folders) {
        $ACLs = Get-Acl $Folder.FullName | ForEach-Object { $_.Access } #| Get-acl C:\Windows\System32\winevt\Logs\*.evtx
        #Get-ChildItem -r | ? {$_.psiscontainer -eq $false} | ? {gc $_.pspath |select-string -pattern ".evtx"}
        #$File = dir $RootPath -Recurse | where {$_.psiscontainer -eq $true}
        #foreach ($File in $Folder) {
        #$ACLs = Get-Acl $File.FullName | ForEach-Object { $_.Access }
        Foreach ($ACL in $ACLs){
            if ($ACL.IsInherited -eq $false){
                # Values in the same order as $Header, each quoted because rights and flag values can contain commas
                $OutInfo = '"' + (($Folder.FullName, $ACL.IdentityReference, $ACL.AccessControlType, $ACL.IsInherited, $ACL.InheritanceFlags, $ACL.PropagationFlags, $ACL.FileSystemRights) -join '","') + '"'
                Add-Content -Value $OutInfo -Path $OutFile
            }
        }
    }

  • #63796
    random commandline
    Participant

    I think this can be improved, but it should export permissions.

    $file = Get-ChildItem \\path\to\files -Recurse -Include *.evtx,*.evt,*.etl,*.log,*.err | Get-Acl

    $acl = foreach ($f in $file){
        [PSCustomObject]@{
            FullName = $f.Path | Split-Path -NoQualifier
            IdentityReference = $f.Access.IdentityReference -join ','
            IsInherited = $f.Access.IsInherited -join ','
            FileSystemRights = $f.Access.FileSystemRights -join ','
            InheritanceFlags = $f.Access.InheritanceFlags -join ','
            PropagationFlags = $f.Access.PropagationFlags -join ','
        }
    }

    $acl | Export-Csv \\path\to\files\acl.csv -NoTypeInformation
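
An added example, not part of either post above: one way to produce the report the question describes, with one CSV row per access rule for each matching log file and for each folder that holds one. `$RootPath` and `$OutFile` are assumed values, and the `ItemType` and `Owner` columns are additions for audit use.

```powershell
# Added example. $RootPath and $OutFile are assumed values; change them to suit.
$RootPath   = 'C:\Windows\System32\winevt'
$OutFile    = Join-Path $env:TEMP 'log-acl-report.csv'
$Extensions = '*.evtx', '*.evt', '*.etl', '*.log', '*.err'

# Find the log files. Directories that cannot be read are skipped, and the
# errors are kept in $scanErrors so gaps in the report are visible.
$scan = @{
    Path          = $RootPath
    Recurse       = $true
    File          = $true
    Include       = $Extensions
    ErrorAction   = 'SilentlyContinue'
    ErrorVariable = 'scanErrors'
}
$files = @(Get-ChildItem @scan)

# Targets: every matching file plus each distinct folder that holds one.
$targets = @($files | ForEach-Object { $_.FullName }) +
           @($files | ForEach-Object { $_.DirectoryName } | Sort-Object -Unique)

# One output row per access control entry (ACE), not one row per item.
$report = @(foreach ($path in $targets) {
    try   { $acl = Get-Acl -LiteralPath $path -ErrorAction Stop }
    catch { Write-Warning "Cannot read ACL: $path ($($_.Exception.Message))"; continue }

    $kind = if (Test-Path -LiteralPath $path -PathType Container) { 'Folder' } else { 'File' }
    foreach ($ace in $acl.Access) {
        [PSCustomObject]@{
            Path              = $path
            ItemType          = $kind
            Owner             = $acl.Owner
            IdentityReference = $ace.IdentityReference
            AccessControlType = $ace.AccessControlType
            IsInherited       = $ace.IsInherited
            FileSystemRights  = $ace.FileSystemRights
            InheritanceFlags  = $ace.InheritanceFlags
            PropagationFlags  = $ace.PropagationFlags
        }
    }
})

# Export-Csv quotes every field, so values such as "ReadAndExecute, Synchronize" stay in one column.
$report | Export-Csv -Path $OutFile -NoTypeInformation
'{0} ACEs from {1} items written to {2}; {3} scan errors' -f $report.Count, $targets.Count, $OutFile, $scanErrors.Count
```

Filtering the resulting CSV on `IsInherited` equal to `False` shows the explicitly set entries, which is what the original folder script reported.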
    
