Parent Folder Permissions

This topic contains 5 replies, has 2 voices, and was last updated by jason Michel 3 weeks, 4 days ago.

  • #57127
    jason Michel
    Participant

    So I've been playing around with this script to audit file server folder ACLs, and it works great, it's just returning too much data. What I was hoping I could do is filter out the folders where there are no special permissions other than the parent folder's. I think this would help me reduce the amount of entries in my table and allow me to manipulate it into something more readable. Basically, just return ACL info on the parent folder and any special permissions on child objects not inherited from the parent.

    $connectionString = "Server=;"
    $tableName = "FilePermissions"

    # Opens a connection, runs one statement and closes the connection again
    function WriteSQL ($query)
    {
        if ($debug -eq $true) {Write-Host $query}
        $Connection = New-Object System.Data.SqlClient.SqlConnection
        $Connection.ConnectionString = $connectionString
        $Connection.Open()
        $Command = New-Object System.Data.SqlClient.SqlCommand
        $Command.Connection = $Connection
        $Command.CommandText = $query
        $Command.ExecuteNonQuery()
        $Connection.Close()
    }

    $ErrorActionPreference = "Continue"
    $strComputer = $env:ComputerName
    $colDrives = Get-PSDrive -PSProvider Filesystem
    ForEach ($DriveLetter in $colDrives) {
        $StartPath = "E:\Share\"
        # Walk every subfolder of the start path
        Get-ChildItem -LiteralPath $StartPath -Recurse -Directory |
        ForEach {
            $FullPath = Get-Item -LiteralPath (Get-Item -LiteralPath $_.PSPath)
            # Emit one row per ACE on the folder, inherited or not
            (Get-Item -LiteralPath $FullPath).GetAccessControl() |
            Select * -Expand Access |
            Select @{N='ServerName';E={$strComputer}},
                @{N='FullPath';E={$FullPath}},
                @{N='Type';E={If($FullPath.PSIsContainer -eq $True) {'D'} Else {'F'}}},
                @{N='Owner';E={$_.Owner}},
                @{N='Trustee';E={$_.IdentityReference}},
                @{N='Inherited';E={$_.IsInherited}},
                @{N='InheritanceFlags';E={$_.InheritanceFlags}},
                @{N='AceFlag';E={$_.PropagationFlags}},
                @{N='AceType';E={$_.AccessControlType}},
                @{N='AccessMasks';E={$_.FileSystemRights}} } |
        %{
            # One INSERT per row; the values are interpolated directly into the SQL text
            $query = "INSERT INTO $tableName (servername,fullpath,type,owner,trustee,inherited,inheritanceflags,aceflag,acetype,accessmasks) VALUES ('$($_.servername)','$($_.fullpath)','$($_.type)','$($_.owner)','$($_.trustee)','$($_.inherited)','$($_.inheritanceflags)','$($_.aceflag)','$($_.acetype)','$($_.accessmasks)')"
            WriteSQL $query
        }

    }

  • #57170
    Max Kozlov
    Participant

    First, if you want to get ACLs of just some items under E:\Share, why do you bother with drive letters?
    Second, when you call Get-ChildItem you already get the item object and its FullName. You do not need to call Get-Item a second time.
    And thus, except for the SQL, we get

    Get-ChildItem E:\Share -Recurse | Foreach-Object {
      $i = $_;
      $a = $i.GetAccessControl()
      $a.Access |
        Where-Object { -Not $_.IsInherited } |
          Add-Member -PassThru -MemberType Noteproperty -Name FullName -Value $i.FullName |
          Add-Member -PassThru -MemberType Noteproperty -Name Container -Value $i.PSIsContainer |
          Add-Member -PassThru -MemberType Noteproperty -Name Owner -Value $a.Owner
    }
    
  • #57190
    jason Michel
    Participant

    The drive letter is irrelevant, just a placeholder at this point. It's not that I only want some, it's predicated on what the ACLs return. I just want to get the parent folders and only the ACLs on the child folders if they differ from the parent.

  • #57191
    jason Michel
    Participant

    So you're saying get rid of the literal path/full path?

  • #57203
    jason Michel
    Participant

    Where would I insert/replace the code you've given me?

  • #57208
    jason Michel
    Participant

    I'd like to still keep the

    Select @{N='ServerName';E={$strComputer}},
    @{N='FullPath';E={$FullPath}},
    @{N='Type';E={If($FullPath.PSIsContainer -eq $True) {'D'} Else {'F'}}},
    @{N='Owner';E={$_.Owner}},
    @{N='Trustee';E={$_.IdentityReference}},
    @{N='Inherited';E={$_.IsInherited}},
    @{N='InheritanceFlags';E={$_.InheritanceFlags}},
    @{N='AceFlag';E={$_.PropagationFlags}},
    @{N='AceType';E={$_.AccessControlType}},
    @{N='AccessMasks';E={$_.FileSystemRights}} }

    if possible, so it matches my SQL table.
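
One way to combine the reply's non-inherited filter with the column layout from the question, as an added example that is not code from either poster: it keeps every ACE on the start folder, only explicit ACEs on the folders below it, and inserts each row through a parameterized command instead of a concatenated string. The function names and the connection-string placeholders are assumptions.

```powershell
# Added example. Get-FolderAceRow and Write-AceRow are hypothetical names;
# the column names and the FilePermissions table come from the thread.
$columns = 'ServerName','FullPath','Type','Owner','Trustee','Inherited',
           'InheritanceFlags','AceFlag','AceType','AccessMasks'

function Get-FolderAceRow ([string]$StartPath) {
    $root = Get-Item -LiteralPath $StartPath
    $folders = @($root) + @(Get-ChildItem -LiteralPath $StartPath -Recurse -Directory)
    foreach ($folder in $folders) {
        try   { $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop }
        catch { Write-Warning "ACL unreadable: $($folder.FullName)"; continue }
        foreach ($ace in $acl.Access) {
            # Start folder: keep every ACE. Below it: keep only explicit (non-inherited) ACEs.
            if ($folder.FullName -ne $root.FullName -and $ace.IsInherited) { continue }
            [pscustomobject]@{
                ServerName       = $env:ComputerName
                FullPath         = $folder.FullName
                Type             = 'D'
                Owner            = $acl.Owner
                Trustee          = $ace.IdentityReference
                Inherited        = $ace.IsInherited
                InheritanceFlags = $ace.InheritanceFlags
                AceFlag          = $ace.PropagationFlags
                AceType          = $ace.AccessControlType
                AccessMasks      = $ace.FileSystemRights
            }
        }
    }
}

function Write-AceRow ($Connection, $TableName, $Row) {
    # Values travel as parameters, so a path or trustee containing ' cannot alter the statement
    $cmd = $Connection.CreateCommand()
    $cmd.CommandText = "INSERT INTO $TableName ($($columns -join ',')) VALUES (@$($columns -join ',@'))"
    foreach ($c in $columns) { [void]$cmd.Parameters.AddWithValue("@$c", [string]$Row.$c) }
    [void]$cmd.ExecuteNonQuery()
}

# Placeholder connection string: replace server and database before running
$conn = New-Object System.Data.SqlClient.SqlConnection 'Server=PLACEHOLDER;Database=PLACEHOLDER;Integrated Security=True'
$conn.Open()
try     { Get-FolderAceRow 'E:\Share\' | ForEach-Object { Write-AceRow $conn 'FilePermissions' $_ } }
finally { $conn.Close() }
```

A folder with inheritance disabled holds only explicit ACEs, so all of its entries are reported, which is the case the question wants surfaced.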
