At work we have a folder with lots of subfolders named like "MeyerS". (Lastname and the first letter of surname)
When I take a look at Get-ChildItem $path | Get-Acl the username equals the subfolder-name. But there is also a "SCHUELER\" in front of "MeyerS". This is what the output looks like, e.g.: SCHUELER\MeyerS Allow Write, ReadAndExecute, Synchronize
Some subfolders don't have this kind of username. Now I want to output all these subfolders without this username "combination".
With my first code snippet I get all of them, but I really just want these specific ones.
I checked some similar questions, and found something. I modified it, but it shows all subfolders just without SCHUELER\MeyerS. I think I just need a small push to the right way.
The code so far:
$path = "R:\HOME"
$folders = Get-ChildItem $path | where {$_.psiscontainer}
foreach ($folder in $folders){
    $domain = "domname"
    $aclname = "ACLname"
    $aclfullname ="$domain\$aclname"
    Get-Acl | select -ExpandProperty Access | where {$_.identityreference -notcontains $aclfullname}
    Write-Host $folder.FullName}
Short note: I tried a lot of variations with -noteq or -notlike.
What do I have to change?
If there is already an answer I really didn't know.
Sometimes it's really hard to enunciate yourself in another language. I hope you get my point.
Thanks.
$path = "R:\HOME"
$folders = Get-ChildItem $path | where {$_.psiscontainer}
foreach ($folder in $folders)
{
    $domain = "domname"
    $aclname = "ACLname"
    $aclfullname ="$domain\$aclname"
    # Collect the ACEs on this folder that belong to $aclfullname
    $FoldersWithAclFullName = $null
    $FoldersWithAclFullName = Get-Acl -Path $folder.FullName `
        | Select-Object -ExpandProperty Access `
        | Where-Object { $_.IdentityReference.Value -eq $aclfullname }
    # No matching ACE: the folder lacks the account, so report it
    if ( -not $FoldersWithAclFullName )
    {
        Write-Host $folder.FullName
    }
}
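An added example (not code from the question or the answer) that derives the expected account from each folder name instead of using one fixed name, and reports the home folders whose ACL has no entry for it. It assumes the layout described in the question: R:\HOME\<account name> with accounts in the SCHUELER domain.

```powershell
# Added example. Assumes R:\HOME\<account name> and the SCHUELER domain from the question.
$path   = 'R:\HOME'
$domain = 'SCHUELER'

$report = Get-ChildItem -Path $path -Directory | ForEach-Object {
    $dir      = $_                          # keep the folder; $_ changes inside catch
    $expected = "$domain\$($dir.Name)"      # e.g. SCHUELER\MeyerS for folder MeyerS
    try {
        $acl = Get-Acl -Path $dir.FullName -ErrorAction Stop
    } catch {
        Write-Warning "Cannot read ACL of $($dir.FullName): $($_.Exception.Message)"
        return
    }
    # IdentityReference is an object; compare on its string value.
    $identities = @($acl.Access | ForEach-Object { $_.IdentityReference.Value })

    # -notcontains compares strings case-insensitively.
    if ($identities -notcontains $expected) {
        [pscustomobject]@{
            Folder         = $dir.FullName
            ExpectedUser   = $expected
            # An ACE shown as a raw SID no longer resolves to an account name.
            UnresolvedSids = @($identities | Where-Object { $_ -match '^S-1-' }) -join ', '
            Identities     = ($identities | Sort-Object -Unique) -join ', '
        }
    }
}
$report | Format-Table -AutoSize -Wrap
```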
I have some shared files set up for me for testing purposes, on a Windows Server 2016.
My given task is to get all the users, and their access rights to these shared files/folders.
I get the shared files with
Get-SmbShare | Select-Object -Property Name, Path
What I think I should do, is passing each share's path into
Get-Acl
So I came up with this:
$shares = Get-SmbShare | Where-Object Name -notlike "*$" | Select-Object Name
foreach ($share in $shares){
    $path = "\\$env:COMPUTERNAME\" + $share.Name.ToString()
    $FolderPath = dir -Directory -Path $path -Recurse -Force
    Foreach ($Folder in $FolderPath) {
        $Acl = Get-Acl -Path $Folder.FullName
        foreach ($Access in $acl.Access)
        {
            $Folder.FullName;
            $Access.IdentityReference;
            $Access.FileSystemRights;
            $Access.IsInherited
        }
    }
}
My question is: How could I format this output, so it looks readable, and/or is there a simpler, maybe cleaner way to do what I intend to do?
I want to remove ALL AD User objects from a directory/folder security.
So, this may be a stupid post and I apologise if it is... but basically I want to recurse through a directory and remove all user objects from permissions. Folder permissions should be secured using groups, but occasionally there are user objects directly being added to folders breaking the rules. I've got a simple little script that works great for specific users, but I'm having trouble setting this to use a variable, e.g. all domain user accounts. If I specify the $user variable as an AD search for instance it just doesn't work, e.g. $USER = 'Get-ADuser -filter * -Server 'DOMAIN -properties SamAccountName | Select SamAccountName
I'm assuming this doesn't like the variable field set this way. Any help or advice much appreciated. Thanks.
$filepath = 'C:\Temp\ACLTesting'
$user = 'DOMAIN\USER'
Get-ChildItem $filePath -Recurse -Directory | ForEach-Object {
    $acl = Get-Acl -Path $_.FullName
    $acl.Access | Where-Object {
        $_.IdentityReference.Value -eq $user
    } | ForEach-Object {
        $acl.RemoveAccessRule($_) | Out-Null
    }
    Set-Acl -Path $_.FullName -AclObject $acl
}
Unfortunately still can't get this to work using user variables... am I missing something or is this not a possible function? Thanks....
Putting this to one side for now as still can't get it to work and other things have cropped up to look at. Will revisit this at some point though. Any suggestions always welcome. Thanks.
Slightly modifying what you posted, try this …
$filepath = 'C:\Temp\ACLTesting'
# IdentityReference.Value has the form DOMAIN\SamAccountName, so the domain prefix
# must be part of the comparison ('DOMAIN' is the placeholder from the question).
$domain = 'DOMAIN'
$DomainUsers = (Get-ADUser -Filter *).SamAccountName
ForEach ($DomainUser in $DomainUsers)
{
    Get-ChildItem $filePath -Recurse -Directory |
    ForEach-Object {
        $acl = Get-Acl -Path $_.FullName
        $acl.Access |
        Where-Object {
            $_.IdentityReference.Value -eq "$domain\$DomainUser"
        } |
        ForEach-Object {
            $acl.RemoveAccessRule($_) | Out-Null
        }
        Set-Acl -Path $_.FullName -AclObject $acl
    }
}
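An added example (not code from the thread) of the same cleanup done in a single pass over the tree: it matches ACEs by SID instead of by name, touches only explicit entries, writes an ACL back only when something was removed, and runs as a dry run. It assumes the ActiveDirectory module is available and uses the question's test path.

```powershell
# Added example, not code from the thread.
# Assumes the ActiveDirectory module and the question's test path.
Import-Module ActiveDirectory
$filePath = 'C:\Temp\ACLTesting'

# Collect every AD user SID once. Matching on SIDs avoids the DOMAIN\name
# string comparison and separates user objects from groups.
$userSids = New-Object 'System.Collections.Generic.HashSet[string]'
Get-ADUser -Filter * | ForEach-Object { [void]$userSids.Add($_.SID.Value) }

$sidType = [System.Security.Principal.SecurityIdentifier]

Get-ChildItem -Path $filePath -Recurse -Directory | ForEach-Object {
    $dir = $_.FullName
    $acl = Get-Acl -Path $dir

    # Explicit rules only ($true, $false): an inherited ACE has to be removed
    # on the parent folder where it is defined.
    $hits = @($acl.GetAccessRules($true, $false, $sidType) |
        Where-Object { $userSids.Contains($_.IdentityReference.Value) })
    if ($hits.Count -eq 0) { return }   # nothing to change, skip Set-Acl

    foreach ($rule in $hits) {
        $acl.RemoveAccessRuleSpecific($rule)
        # Emit one record per removed ACE so the change can be reviewed or logged.
        [pscustomobject]@{
            Path   = $dir
            Sid    = $rule.IdentityReference.Value
            Rights = $rule.FileSystemRights
            Type   = $rule.AccessControlType
        }
    }
    # Dry run: drop -WhatIf once the reported ACEs are the ones to remove.
    Set-Acl -Path $dir -AclObject $acl -WhatIf
}
```

Piping the output to Export-Csv keeps a record of every ACE that was removed, which is what is needed to restore access if a removal turns out to be wrong.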
I like to know how to get 5J91Q4CX.C10 to use in a variable.
C:\Users\user\AppData\Local\Apps\2.0\5J91Q4CX.C10
On all user profiles this folder has a different name.
It is always 8 numbers and digits then a . and then 3 digits or numbers.
I need to use this for a powershell script.
Any idea how I can make a variable for this foldername?
Thanks
I'd do something like this:
# Loop through all user profile folders using something like this:
$userFolders = Get-ChildItem -Path "C:\Users\" -Directory -Force -ErrorAction SilentlyContinue |
    Where-Object { @('All Users','Default User', 'Public', 'Default') -notcontains $_.Name } |
    Select-Object -ExpandProperty Name
# next loop through these folders to find the foldername that can be different for each user
foreach ($userName in $userFolders) {
    # anchored so that only names of exactly 8 characters, a dot and 3 characters match
    $folderName = Get-ChildItem -Path "C:\Users\$userName\AppData\Local\Apps\2.0" -Directory -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match '^[A-Za-z0-9]{8}\.[A-Za-z0-9]{3}$' } |
        Select-Object -ExpandProperty Name
    # do something with this variable
    Write-Host "C:\Users\$userName\AppData\Local\Apps\2.0\$folderName"
}
Some RegEx could do the trick:
$str = "C:\Users\user\AppData\Local\Apps\2.0\5J91Q4CX.C10"
$str -match '.*\\(.*)$'
$matches[1] # 5J91Q4CX.C10
.*\\(.*)$ matches all chars after the last dash \ and before the end of the line $
not sure what you are really trying to do... you could do a directory search through the C:\Users to report back on all subfolders and then a Foreach loop to go through each subfolder and create the file wanted in the destination etc, something like:
$FOLDERS = Get-ChildItem C:\Users -Directory
FOREACH ($FOLDER in $FOLDERS) {
#WHATEVER YOU WANT TO DO
}
I am looking to write a powershell script to search all user profiles on a server for a specific file, compare the files by the lastmodifieddate, and then copy the newest file to all user profiles. The script will also create a backup of the last three versions of the file.
I previously wrote this script for our pilot environment where only two people were accessing the app (this is for a XenApp), but the user base has now expanded and I would like to create the prod version of the script to cover future growth.
Any help would be very much appreciated. Thanks! Script below...
$SRC1 = "\\Server\c$\Users\XXXX1\AppData\Roaming\EMIESiteListManager\sitelist.xml"
$SRC2 = "\\Server\c$\Users\XXXX2\AppData\Roaming\EMIESiteListManager\sitelist.xml"
$SRC3 = "\\Server\c$\Users\XXXX3\AppData\Roaming\EMIESiteListManager\sitelist.xml"
$BKU = "\\storage\IT\EMSLM\Backup"
if ( (get-item $SRC1).LastWriteTime -gt (get-item $SRC2).LastWriteTime ) {Copy-Item $SRC1 $SRC2}
else {Copy-Item $SRC2 $SRC1}
if ( (get-item $SRC1).LastWriteTime -gt (get-item $SRC3).LastWriteTime ) {Copy-Item $SRC1 $SRC3}
else {Copy-Item $SRC3 $SRC1}
if ( (get-item $SRC1).LastWriteTime -gt (get-item $SRC2).LastWriteTime ) {Copy-Item $SRC1 $SRC2}
Remove-Item $BKU\sitelist_old_2.xml
Rename-Item $BKU\sitelist_old_1.xml $BKU\sitelist_old_2.xml
Rename-Item $BKU\sitelist.xml $BKU\sitelist_old_1.xml
Copy-Item $SRC1 $BKU
& 'C:\Program Files (x86)\Enterprise Mode Site List Manager\EMIESiteListManager.exe'
Exit
this isn't everything, but it should be a good place to start
$users = dir "\\Server\c$\Users" -Directory | select -ExpandProperty fullname
$newest = dir "\\Server\c$\Users\*\AppData\Roaming\EMIESiteListManager\sitelist.xml" | sort lastwritetime -Descending | select -First 1 -ExpandProperty fullname
$files = @()
$users | % {
    $files += $newest -replace [regex]::Escape($_)
}
$newestEnd = $files | sort {$_.length} | select -f 1
$users | % {
    $dest = Join-Path $_ $newestEnd
    copy $newest $dest -force
}
Working off of Anthony Stringer's response I was able to build a script that meets my exact needs. Anthony's script would have worked, but was missing a couple things that I wanted:
1.) Identify all profiles with an existing sitelist.xml file and place in an array or hash table.
2.) Copy only to those user profiles where the sitelist.xml file existed (my fault, I never requested this in my original question)
Thank you Anthony for the starting point. Updated script below:
$Users = dir "\\server\c$\Users" -Directory -Exclude Public, Default, Administrator* | select -ExpandProperty fullname
$FilePath = "AppData\Roaming\EMIESiteListManager\sitelist.xml"
$UserPath = Join-Path -path $Users $filePath
$NewestFile = dir "\\server\c$\Users\*\AppData\Roaming\EMIESiteListManager\sitelist.xml" | sort lastwritetime -Descending | select -First 1 -ExpandProperty fullname
$BackUp = "\\storage\ctxvol01\appdata\IT\EMSLM\Backup"
$BackUpFile = "\\storage\ctxvol01\appdata\IT\EMSLM\Backup\sitelist.xml"
$EMSLM_Users = @()
# Keep only the profiles that already have a sitelist.xml
$UserPath | ForEach {
    If ((Test-Path -path $_) -eq $true)
    {$EMSLM_Users += $_}
}
$EMSLM_Users | ForEach-Object {
    Copy-Item $NewestFile $_ -force -erroraction silentlycontinue
}
# $NewestFile and $BackUpFile are path strings, so fetch the file objects to compare timestamps
If ((Get-Item $NewestFile).LastWriteTime -gt (Get-Item $BackUpFile).LastWriteTime)
{
    # Rotate the backups: drop the oldest, shift the others, then store the newest file
    Remove-Item $BackUp\sitelist_old_2.xml
    Rename-Item $BackUp\sitelist_old_1.xml sitelist_old_2.xml
    Rename-Item $BackUp\sitelist.xml sitelist_old_1.xml
    Copy-Item $NewestFile $BackUp
}
& 'C:\Program Files (x86)\Enterprise Mode Site List Manager\EMIESiteListManager.exe'
Exit
I've checked other posts and even following those I can't get this to function.
I'm trying to pull all of the ACL information from a drive but exclude the Windows folder.
This is the code I'm using, but it always tries to include the folder. Can someone tell me why this isn't working?
I've also tried Where-Object.
$containers = Get-ChildItem -Path $Path -Recurse -Exclude $exclude |
? {$_.FullName -notmatch '\\windows\\?'}
Main Code:
function Get-PathPermissions {
    param ( [Parameter(Mandatory=$true)] [System.String]${Path} )
    begin {
        $root = Get-Item $Path
        ($root | Get-Acl).Access |
            Add-Member -MemberType NoteProperty -Name "Path" -Value $($root.fullname).ToString() -PassThru
    }
    process {
        $exclude = @('C:\Windows\*')
        $containers = Get-ChildItem -Path $Path -Recurse -Exclude $exclude |
            ? {$_.psIscontainer -eq $true}
        if ($containers -eq $null) {break}
        foreach ($container in $containers)
        {
            (Get-Acl $container.FullName).Access |
                ? { $_.IsInherited -eq $false } |
                Add-Member -MemberType NoteProperty -Name "Path" -Value $($container.fullname).ToString() -PassThru
        }
    }
}
Get-PathPermissions $args[0]
Filtering with -notmatch '\\windows\\?' should work. I'd use the full path, though, to avoid potential undesired exclusions:
$containers = Get-ChildItem -Path $Path -Recurse |
? { $_.FullName -notmatch '^c:\\windows\\?' -and $_.PSIsContainer}
On PowerShell v3 or newer you can also use the -Directory switch for restricting the results to directories:
$containers = Get-ChildItem -Path $Path -Recurse -Directory |
? { $_.FullName -notmatch '^c:\\windows\\?' }
Couple points about the -Exclude parameter. While it does not explicitly mention it in the documentation it seems to work based on file and directory names.... not the full paths themselves. As a result of that point it does not, in any way, work recursively with directories which I think is your actual conundrum.
Since C:\Windows\* is not a valid directory name that is why it is not filtering anything. Jisaak's suggestion of changing $exclude to just "windows" did work in a sense. If you looked at your output you would have noticed that the actual "c:\windows" folder was missing. What you are actually having a problem with is that exclude does nothing for the sub folders of C:\windows which I will guess is what you intended.
There is another SO post about how -Exclude basically sucks. It can be useful as long as you understand its limitations. Ansgar's answer covers the way around that. It will make sure nothing in the tree of C:\windows ends up in your results.
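An added example (not code from the thread) comparing the two regex filters above with a boundary-aware subtree test on constructed sample paths, then using that test in the ACL report. Test-UnderPath is a hypothetical helper name, not a built-in cmdlet, and the sample paths are made up for the comparison.

```powershell
# Added example. Test-UnderPath is a hypothetical helper, not a built-in cmdlet.
function Test-UnderPath {
    param(
        [Parameter(Mandatory=$true)][string]$Path,
        [Parameter(Mandatory=$true)][string]$Root
    )
    $base = $Root.TrimEnd('\')
    $cmp  = [System.StringComparison]::OrdinalIgnoreCase
    # True for the root itself or anything below it. Requiring the backslash after
    # the root keeps sibling names such as C:\Windows.old out of the match.
    return ($Path.Equals($base, $cmp) -or $Path.StartsWith("$base\", $cmp))
}

# Constructed sample paths, evaluated as strings only (nothing is read from disk).
$samples = 'C:\Windows', 'C:\Windows\System32', 'C:\Windows.old\Users', 'C:\Data\Windows\logs'
$samples | ForEach-Object {
    [pscustomobject]@{
        Path      = $_
        Loose     = $_ -match '\\windows\\?'       # pattern from the question
        Anchored  = $_ -match '^c:\\windows\\?'    # pattern from the answer
        UnderRoot = Test-UnderPath -Path $_ -Root 'C:\Windows'
    }
} | Format-Table -AutoSize

# The same test in the report: explicit (non-inherited) ACEs outside C:\Windows.
# Get-ChildItem still walks C:\Windows; the filter only drops it from the results.
Get-ChildItem -Path 'C:\' -Recurse -Directory -ErrorAction SilentlyContinue |
    Where-Object { -not (Test-UnderPath -Path $_.FullName -Root 'C:\Windows') } |
    ForEach-Object {
        $dir = $_.FullName
        (Get-Acl -Path $dir).Access |
            Where-Object { -not $_.IsInherited } |
            Select-Object @{ Name = 'Path'; Expression = { $dir } },
                IdentityReference, FileSystemRights, AccessControlType
    }
```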