# I need some serious help, I am a newb messing it up

This topic contains 1 reply, has 2 voices, and was last updated by random commandline 5 months, 1 week ago.

• #63793

BET
Participant

Okay, so I need some serious help here. I thought I could do this by taking some PowerShell code and script here and there and meshing it to fit my needs, but I have learned that it is not as easy as I thought. So I think I will be signing up for a class, but I would like to get this project I got myself into out of the way first. I am trying to put together a script that will do a search for types of log files, specifically the extension portion ".evtx .evt .etl .log .err", and then take those files and the folders that hold them and break down their permissions into a .csv file. Now, I have managed to find an awesome PS script for the folder portion that is EXACTLY what I need and want, but the issue is trying to find a command or script (if possible) to pipe the finding of the files to the second script, which gives me the permissions of the files and folders that I want. Below, you will see the script and you will also notice some lines that have been commented out. Those are some (mind you only some, I have about 15 other tabs opened) of the ways I have tried to make this work for me. Any help or suggestions would be much appreciated. Literally pulling out my hair, lol.

```powershell
#.\Get-FilesByExtension.ps1 -FolderPath 'C:\Windows\System32\winevt' -FileExtension '.evtx'
$OutFile = "C:\manIsuck.csv" #Where I want the outputfile to go C:\test\tester and the name of it
$Header = "Folder Path,IdentityReference,AccessControlType,IsInherited,InheritanceFlags,PropagationFlags,FileSystemRights"
Del $OutFile
Add-Content -Value $Header -Path $OutFile
$RootPath = "C:\Windows" #Where I want to look (where the .evtx .evt .etl )
#Get-Acl C:\Windows\System32\winevt\Logs\*.evtx | Export-Csv C:\filename.csv
$Folder = dir $RootPath -Recurse | where {$_.psiscontainer -eq $true}
foreach ($Folder in $Folder) {
    $ACLs = Get-Acl $Folder.FullName | ForEach-Object {$_.Access } #| Get-acl C:\Windows\System32\winevt\Logs\*.evtx
    #Get-ChildItem -r | ? {$_.psiscontainer -eq $false} | ? {gc $_.pspath |select-string -pattern ".evtx"}
    #$File = dir $RootPath -Recurse | where {$_.psiscontainer -eq $true}
    #foreach ($File in $Folder) {
    #$ACLs = Get-Acl $File.FullName | ForEach-Object {$_.Access }
    Foreach ($ACL in $ACLs){
        if ($ACL.IsInherited -eq $false){
            $OutInfo = $Folder.FullName + "," + $ACL.IdentityReference + "," + $ACL.IsInherited + "," + $ACL.FileSystemRights + "," + $ACL.InheritanceFlags + "," + $ACL.PropagationFlags
            Add-Content -Value $OutInfo -Path $OutFIle
}}}
```

• #63796

random commandline
Participant

I think this can be improved, but it should export permissions.

```powershell
$file = Get-ChildItem \\path\to\files -Recurse -Include *.evtx,*.evt,*.etl,*.log,*.err | Get-Acl

$acl = foreach ($f in $file){
    [PSCustomObject]@{
        FullName = $f.Path | Split-Path -NoQualifier
        IdentityReference = $f.Access.IdentityReference -join ','
        IsInherited = $f.Access.IsInherited -join ','
        FileSystemRights = $f.Access.FileSystemRights -join ','
        InheritanceFlags = $f.Access.InheritanceFlags -join ','
        PropagationFlags = $f.Access.PropagationFlags -join ','
    }
}
$acl | Export-Csv \\path\to\files\acl.csv -NoTypeInformation
```
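
An added example, not code from either poster: it finds the log files by extension and writes one CSV row per access rule, both for each file and for each folder that holds one, which is the combined output the question asks for. The root path, output path and column set are assumptions.

```powershell
# Added example: audit permissions on log files and the folders that contain them.
$RootPath   = 'C:\Windows\System32\winevt'    # assumed search root
$OutFile    = 'C:\Temp\log-acl.csv'           # assumed output path
$Extensions = '*.evtx', '*.evt', '*.etl', '*.log', '*.err'

# Find matching files; folders that cannot be listed are collected in $scanErrors.
$search = @{
    Path          = $RootPath
    Recurse       = $true
    File          = $true
    Include       = $Extensions
    ErrorAction   = 'SilentlyContinue'
    ErrorVariable = 'scanErrors'
}
$files = Get-ChildItem @search

# Targets: every matching file, plus each distinct parent folder once.
$targets  = @($files | ForEach-Object { [PSCustomObject]@{ Path = $_.FullName; ItemType = 'File' } })
$targets += @($files | ForEach-Object { $_.DirectoryName } | Sort-Object -Unique |
              ForEach-Object { [PSCustomObject]@{ Path = $_; ItemType = 'Folder' } })

$rows = foreach ($t in $targets) {
    try {
        $acl = Get-Acl -LiteralPath $t.Path -ErrorAction Stop
    } catch {
        Write-Warning "Could not read ACL for $($t.Path): $($_.Exception.Message)"
        continue
    }
    # One row per access rule (ACE), so the CSV can be filtered and sorted per identity.
    foreach ($ace in $acl.Access) {
        [PSCustomObject]@{
            Path              = $t.Path
            ItemType          = $t.ItemType
            Owner             = $acl.Owner
            IdentityReference = $ace.IdentityReference.Value
            AccessControlType = $ace.AccessControlType
            FileSystemRights  = $ace.FileSystemRights
            IsInherited       = $ace.IsInherited
            InheritanceFlags  = $ace.InheritanceFlags
            PropagationFlags  = $ace.PropagationFlags
        }
    }
}

# Export-Csv quotes values, so rights such as "ReadAndExecute, Synchronize" stay in one column.
$rows | Export-Csv -Path $OutFile -NoTypeInformation
if ($scanErrors) { Write-Warning "$($scanErrors.Count) location(s) could not be searched." }
```

Run it from an elevated session; items whose ACL cannot be read are reported as warnings instead of stopping the run.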

