Parent Folder Permissions

Welcome Forums General PowerShell Q&A Parent Folder Permissions

This topic contains 5 replies, has 2 voices, and was last updated by

 
Participant
2 years, 6 months ago.

  • Author
    Posts
  • #57127

    Participant
    Topics: 1
    Replies: 4
    Points: 0
    Rank: Member

    So i've been playing around with this script to audit file server folder ACL's, and it works great, just returning too much data. What i was hoping i could do is filter out the folders where there are no special permissions than the parent folder, I think this would help me reduce the amount of entries into my table and allow me to manipulate it into something more readable.. Basically just return ACL info on parent Folder and any special permissions on child objects not inherited by parent.

    $connectionString = "Server=;"
    $tableName = "FilePermissions"

    function WriteSQL ($query)
    {
    if ($debug -eq $true) {Write-Host $query}
    $Connection = New-Object System.Data.SqlClient.SqlConnection
    $Connection.ConnectionString = $connectionString
    $Connection.Open()
    $Command = New-Object System.Data.SqlClient.SqlCommand
    $command.Connection = $Connection
    $command.CommandText = $query
    $command.ExecuteNonQuery()
    $connection.Close()
    }

    $ErrorActionPreference = "Continue"
    $strComputer = $env:ComputerName
    $colDrives = Get-PSDrive -PSProvider Filesystem
    ForEach ($DriveLetter in $colDrives) {
    $StartPath = "E:\Share\"
    Get-ChildItem -LiteralPath $StartPath -Recurse -Directory |
    ForEach {
    $FullPath = Get-Item -LiteralPath (Get-Item -LiteralPath $_.PSPath)
    (Get-Item -LiteralPath $FullPath).GetAccessControl() |
    Select * -Expand Access |
    Select @{N='ServerName';E={$strComputer}},
    @{N='FullPath';E={$FullPath}},
    @{N='Type';E={If($FullPath.PSIsContainer -eq $True) {'D'} Else {'F'}}},
    @{N='Owner';E={$_.Owner}},
    @{N='Trustee';E={$_.IdentityReference}},
    @{N='Inherited';E={$_.IsInherited}},
    @{N='InheritanceFlags';E={$_.InheritanceFlags}},
    @{N='AceFlag';E={$_.PropagationFlags}},
    @{N='AceType';E={$_.AccessControlType}},
    @{N='AccessMasks';E={$_.FileSystemRights}} } |

    %{
    $query = "INSERT INTO $tableName (servername,fullpath,type,owner,trustee,inherited,inheritanceflags,aceflag,acetype,accessmasks) VALUES ('$($_.servername)','$($_.fullpath)','$($_.type)','$($_.owner)','$($_.trustee)','$($_.inherited)','$($_.inheritanceflags)','$($_.aceflag)','$($_.acetype)','$($_.accessmasks)')"
    WriteSQL $query
    }

    }

  • #57170

    Participant
    Topics: 2
    Replies: 376
    Points: 0
    Rank: Member

    First, if you want to get acls of just some items under E:\Share, why you bother with drive letters?
    Second, when you Get-ChildItems you already get item object and it's FullName. do not need 2nd time call Get-Item
    and thus, except sql, we get

    Get-ChildItem E:\Share -Recurse | Foreach-Object {
      $i = $_;
      $a = $i.GetAccessControl()
      $a.Access |
        Where-Object { -Not $_.IsInherited } |
          Add-Member -PassThru -MemberType Noteproperty -Name FullName -Value $i.FullName |
          Add-Member -PassThru -MemberType Noteproperty -Name Container -Value $i.PSIsContainer |
          Add-Member -PassThru -MemberType Noteproperty -Name Owner -Value $a.Owner
    }
    
  • #57190

    Participant
    Topics: 1
    Replies: 4
    Points: 0
    Rank: Member

    the drive letter is irrelevant, just a place holder at this point. Its not that i only want some, its predicated on what the ACLs return, i just want to get the parent folders and only the acls on the child folders if they differ from parent

  • #57191

    Participant
    Topics: 1
    Replies: 4
    Points: 0
    Rank: Member

    so you're saying get rid of the literal path/full path ?

  • #57203

    Participant
    Topics: 1
    Replies: 4
    Points: 0
    Rank: Member

    where would i insert/replace the code you given me?

  • #57208

    Participant
    Topics: 1
    Replies: 4
    Points: 0
    Rank: Member

    I'd like to still keep the

    Select @{N='ServerName';E={$strComputer}},
    @{N='FullPath';E={$FullPath}},
    @{N='Type';E={If($FullPath.PSIsContainer -eq $True) {'D'} Else {'F'}}},
    @{N='Owner';E={$_.Owner}},
    @{N='Trustee';E={$_.IdentityReference}},
    @{N='Inherited';E={$_.IsInherited}},
    @{N='InheritanceFlags';E={$_.InheritanceFlags}},
    @{N='AceFlag';E={$_.PropagationFlags}},
    @{N='AceType';E={$_.AccessControlType}},
    @{N='AccessMasks';E={$_.FileSystemRights}} }

    if possible so it matches my sql table

The topic ‘Parent Folder Permissions’ is closed to new replies.

denizli escort samsun escort muğla escort ataşehir escort kuşadası escort