I want to dynamically output the file using the name of the server its been run instead of specifying what name to use. as i want to run the code on multiple servers using multi-instance approach.
$OutFile = "C:\Users\munjanga\Documents\AoN Project\Execute\Output.csv"
$Header = "FolderPath,IdentityReference,AccessControlType,IsInherited,InheritanceFlags,PropagationFlags"
Del $OutFile
Add-Content -Value $Header -Path $OutFile
$RootPath = "C:\Users\munjanga\Documents\Operations Orchestration"
$Folders = dir $RootPath -recurse | where {$_.psiscontainer -eq $true}
foreach ($Folder in $Folders){
$ACLs = get-acl $Folder.fullname | ForEach-Object { $_.Access }
Foreach ($ACL in $ACLs){
$OutInfo = $Folder.Fullname + "," + $ACL.IdentityReference + "," + $ACL.AccessControlType + "," + $ACL.IsInherited + "," + $ACL.InheritanceFlags + "," + $ACL.PropagationFlags
Add-Content -Value $OutInfo -Path $OutFile
}
}
If I understand you correctly, you want to change $OutFile depending on name of server. You can do that using MachineName property of Environment class:
$OutFile = "C:\Users\munjanga\Documents\AoN Project\Execute\$([Environment]::MachineName).csv"
Related
I am recursively getting a list of folders with their respective permissions in a powershell script, however when the recursive part happens my output string keeps printing the folder structure each time an example of this is:
I have a folder called C:\temp, within that folder are 2 empty folders C:\temp\folder1 and C:\temp\folder2. With my script the output would be:
I have left out the permissions for readability
C:\temp
C:\temp\folder1
C:\temp
C:\temp\folder2
I don't want this to happen I want a list of folders with their permissions and then if the permissions on a child folder are different then look at the get the child folders of that folder. This works apart from the string building which I think I need a fresh pair of eyes to look at it because I'm getting nowhere.
Appreciate the help in advance,
Sam
CODE:
Add-Type -AssemblyName System.Windows.Forms
Import-Module ActiveDirectory
$info = ""
$OutputString
$step = 0
function DisplayForm{
#Some GUI code
#$textBox takes in the base folder from the user
if ($result -eq [System.Windows.Forms.DialogResult]::OK)
{
$baseFolder = $textBox.Text
$ParentProperties = (Get-Acl $baseFolder).Access| Select-Object -ExpandProperty IdentityReference
$OutputString = $OutputString + $baseFolder + "`r`n" + $ParentProperties + "`r`n`r`n"
$ChildFolders = Get-ChildItem $baseFolder | where {$_.Attributes -eq 'Directory'}
FindPriorities($baseFolder)
$info = "SAVED TO FOLDER"
outputList
}
}
function FindPriorities{
param($fileName)
$ChildFolders = Get-ChildItem $fileName | where {$_.Attributes -eq 'Directory'}
$step = $step + 1
$TempString = ""
foreach ($folder in $ChildFolders){
$child = $fileName + "\\" + $folder.name
$ParentProperties = (Get-Acl $fileName).Access| Select-Object -ExpandProperty IdentityReference
$ChildProperties = (Get-Acl $child).Access| Select-Object -ExpandProperty IdentityReference
$parentString=""
foreach ($p in $ParentProperties){
$parentString= $parentString + $p
}
$childString=""
foreach ($c in $childProperties){
$childString = $childString + $c
}
if($childString -ne $parentString){
$OutputString = $OutputString + $child + "`r`n" + $ChildProperties + "`r`n`r`n"
FindPriorities ($child)
}else{
$OutputString = $OutputString + $child + "`r`n" + $ChildProperties + "`r`n`r`n"
}
}
}
function outputList{
$OutputString
}
DisplayForm
I think I understood what you want to do.
Please give this snippet a try:
function Get-IdentityReference($path) {
Get-Acl $path |
Select-Object -ExpandProperty Access |
Select-Object -ExpandProperty IdentityReference
}
function Extract-Permissions($baseFolder) {
$folders = Get-ChildItem $baseFolder | Where-Object { $_.PSisContainer }
$baseACL = Get-IdentityReference $baseFolder
"$baseFolder : $baseACL"
foreach($folder in $folders) {
$folderACL = Get-IdentityReference $folder.FullName
$childFolders = Get-ChildItem $folder.FullName | Where-Object { $_.PSisContainer }
"$($folder.FullName) : $folderACL"
foreach($childFolder in $childFolders) {
$childACL = Get-IdentityReference $childFolder.FullName
if(Compare-Object $childACL $folderACL) {
Extract-Permissions $childFolder.FullName
} else {
"$($childFolder.FullName) : $childACL"
}
}
}
}
$baseFolder = "$env:USERPROFILE\Desktop"
Extract-Permissions $baseFolder
I'm trying to do the following -
$OutFile = "C:\temp\Audit_Permissions.csv"
$Header = "Folder Path,IdentityReference,AccessControlType,IsInherited,InheritanceFlags,PropagationFlags"
Del $OutFile
Add-Content -Value $Header -Path $OutFile
$RootPath = "\\netapp\DATA"
$Folders = dir $RootPath -recurse | where {$_.psiscontainer -eq $true}
foreach ($Folder in $Folders){
$ACLs = get-acl $Folder.fullname | ForEach-Object { $_.Access }
Foreach ($ACL in $ACLs){
$OutInfo = $Folder.Fullname + "," + $ACL.IdentityReference + "," + $ACL.AccessControlType + "," + $ACL.IsInherited + "," + $ACL.InheritanceFlags + "," + $ACL.PropagationFlags
Add-Content -Value $OutInfo -Path $OutFile
}}
The problem is that about 3 or 4 levels deep into the folder structure I no longer need to do a recursive. There's the potential for thousands of folders in the format of yyyy\mm\dd which I want to ignore. yyyy being the first folder.
so I want the audit on something like this -
\\netapp\data\folder1
\\netapp\data\folder2
\\netapp\data\folder2\folderA
\\netapp\data\folder3
\\netapp\data\folder3\folderA
\\netapp\data\folder3\folderA\testfolder
But as soon as it hits the following in any tree I want it to stop going further down -
\\netapp\data\folder3\folderA\testfolder\yyyy
This is one way to omit the foldername with yyyy.
You can adjust the RegEx part if you want to be more precise.
$Folders = dir $RootPath -recurse | where {($_.psiscontainer -eq $true) -AND ($_.FullName -notmatch '\\\d{4}($|\\)'}
$ServerList = Get-Content "C:\Users\munjanga\Desktop\Execute\Testing\servers.txt"
$ServerList
$Header="FolderPath,IdentityReference,AccessControlType,IsInherited,InheritedFlags,PropagationFlags"
Add-Content -Value $Header -Path $Output
Foreach ($Server in $ServerList) {
$output = "\\C:\Users\munjanga\Desktop\Repositroy "$server.output.csv"
Del $Output -ErrorAction SilentlyContinue
$RootPath ="\\$Server\C:\system.sav"
$Folders = dir $RootPath -recurse | where {$_.psiscontainer -eq $true} -ErrorAction SilentlyContinue
Add-Content -Value "$Header" -Path $Output
Foreach ($Folder in $Folders){
$ACLs = get-acl $Folder.fullname | ForEach-Object { $_.Access }
Foreach ($ACL in $ACLs){
$OutInfo = $Folder.Fullname + "," + $ACL.IdentityReference + "," + $ACL.AccessControlType + "," + $ACL.IsInherited + "," + $ACL.InheritanceFlags + "," + $ACL.PropagationFlags
Add-Content -Value $OutInfo -Path $output -ErrorAction SilentlyContinue
}
}
}
You have a malformed string literal on this line:
$output = "\\C:\Users\munjanga\Desktop\Repositroy "$server.output.csv"
--^
The " pointed out above should not be there. I think you meant to write:
$output = "\\C:\Users\munjanga\Desktop\Repositroy\$server.output.csv"
The double forwardslash at the start of the string might also be incorrect. Perhaps it should be removed:
$output = "C:\Users\munjanga\Desktop\Repositroy\$server.output.csv"
This is my code but i dont know what i need to supply:
$ServerList = Get-Content "C:\Users\munjanga\Desktop\Execute\Testing\servers.txt"
$ServerList
$Header="FolderPath,IdentityReference,AccessControlType,IsInherited,InheritedFlags,PropagationFlags"
Add-Content -Value $Header -Path $Output
Foreach ($Server in $ServerList) {
$output = "\\$server\C:\Users\munjanga\Desktop\Execute\Testing $server.output.csv"
Del $Output -ErrorAction SilentlyContinue
$RootPath ="\\$Server\C:\system.sav"
$Folders = dir $RootPath -recurse | where {$_.psiscontainer -eq $true} -ErrorAction SilentlyContinue
Add-Content -Value "$Header" -Path $Output
Foreach ($Folder in $Folders){
$ACLs = get-acl $Folder.fullname | ForEach-Object { $_.Access }
Foreach ($ACL in $ACLs){
$OutInfo = $Folder.Fullname + "," + $ACL.IdentityReference + "," + $ACL.AccessControlType + "," + $ACL.IsInherited + "," + $ACL.InheritanceFlags + "," + $ACL.PropagationFlags
Add-Content -Value $OutInfo -Path $output -ErrorAction SilentlyContinue
}
}
}
In line 4 you are invoking the Add-Content cmdlet, which requires a something to be passed to -Path, you are trying to use $Output, which is an empty (null) variable.
Assuming you are getting the warning on line 12 when calling Where-Object? It looks like you are trying to do a directory listing on a unc path that doesnt exist, getting nothing back to pipe to where. Is \$Server\C:\system.sav really supposed to be the admin share a la \$Server\C$\system.sav ?
So essentially I have the below script which generates output like follows for NTFS:
Folder Path IdentityReference AccessControlType IsInherited InheritanceFlags PropagationFlags
E:\Folder\ DOMAIN\User1 Allow True/False ContainerInherit Object Inherit
E:\Folder\ DOMAIN\User2 Deny True/False ContainerInherit Object Inherit
Although this is useful, it would be even better if instead of just Allow/Deny I could get a output which indicates, Read/Write/Modify/FullControl flags.
See my below code, any ideas are appreciated!
$OutFile = "C:\Permissions.csv"
$Header = "Folder Path,IdentityReference,AccessControlType,IsInherited,InheritanceFlags,PropagationFlags"
Del $OutFile
Add-Content -Value $Header -Path $OutFile
$RootPath = "E:\Folder"
$Folders = dir $RootPath -recurse | where {$_.psiscontainer -eq $true}
foreach ($Folder in $Folders){
$ACLs = get-acl $Folder.fullname | ForEach-Object { $_.Access }
Foreach ($ACL in $ACLs){
$OutInfo = $Folder.Fullname + "," + $ACL.IdentityReference + "," + $ACL.AccessControlType + "," + $ACL.IsInherited + "," + $ACL.InheritanceFlags + "," + $ACL.PropagationFlags
Add-Content -Value $OutInfo -Path $OutFile
}}
The property you're looking for is $ACL.FileSystemRights.
$Header = "Folder Path,IdentityReference,AccessControlType,IsInherited," +
"InheritanceFlags,PropagationFlags,FileSystemRights"
#...
$OutInfo = $Folder.Fullname + "," + $ACL.IdentityReference + "," +
$ACL.AccessControlType + "," + $ACL.IsInherited + "," +
$ACL.InheritanceFlags + "," + $ACL.PropagationFlags + "," +
$ACL.FileSystemRights
For those who want it wrapped in a function try this:
Function Get-FolderPermissions {
Param($FolderPath)
If(-not (Test-Path $FolderPath)){
Write-Warning "$FolderPath not valid!"
return
}
$FolderPath = $(Get-Item $FolderPath).fullname
$ACLs = Get-Acl $FolderPath | ForEach-Object { $_.Access }
$ACLs | Select-Object #{n='FolderPath';e={$FolderPath}}, IdentityReference, AccessControlType, IsInherited, InheritanceFlags, PropagationFlags, FileSystemRights
}
Then you can export to CSV like this:
Get-FolderPermissions 'C:\Folder' | Export-Csv 'C:\Results.csv' -NoTypeInfo
Or multiple folders from a parent folder:
$Folders = Get-ChildItem 'C:\Folder' -recurse | where {$_.psiscontainer -eq $true}
$Folders | %{ Get-FolderPermissions $_.FullName } | Export-Csv 'C:\Results.csv' -NoTypeInfo