$ServerList = Get-Content "C:\Users\munjanga\Desktop\Execute\Testing\servers.txt"
$ServerList
$Header="FolderPath,IdentityReference,AccessControlType,IsInherited,InheritedFlags,PropagationFlags"
Add-Content -Value $Header -Path $Output
Foreach ($Server in $ServerList) {
$output = "\\C:\Users\munjanga\Desktop\Repositroy "$server.output.csv"
Del $Output -ErrorAction SilentlyContinue
$RootPath ="\\$Server\C:\system.sav"
$Folders = dir $RootPath -recurse | where {$_.psiscontainer -eq $true} -ErrorAction SilentlyContinue
Add-Content -Value "$Header" -Path $Output
Foreach ($Folder in $Folders){
$ACLs = get-acl $Folder.fullname | ForEach-Object { $_.Access }
Foreach ($ACL in $ACLs){
$OutInfo = $Folder.Fullname + "," + $ACL.IdentityReference + "," + $ACL.AccessControlType + "," + $ACL.IsInherited + "," + $ACL.InheritanceFlags + "," + $ACL.PropagationFlags
Add-Content -Value $OutInfo -Path $output -ErrorAction SilentlyContinue
}
}
}
You have a malformed string literal on this line:
$output = "\\C:\Users\munjanga\Desktop\Repositroy "$server.output.csv"
--^
The " pointed out above should not be there. I think you meant to write:
$output = "\\C:\Users\munjanga\Desktop\Repositroy\$server.output.csv"
The double forwardslash at the start of the string might also be incorrect. Perhaps it should be removed:
$output = "C:\Users\munjanga\Desktop\Repositroy\$server.output.csv"
Related
Hello I am new scripting, I am tasked with creating a script that will be deleting a file from specific folders which will be deployed through SCCM onto many computers.
The problem is I want to output the log file saying either:
"<ComputerName> File Terminated"
"<ComputerName> File Not terminated"
Here is what I have so far:
$users = "C:\Users"
$logFile = "C:\TTS\Logs\GoogleTerm.log"
$source = "\AppData\Roaming\Google"
$exclude = "Default"
$input = get-ChildItem -Path $users
foreach ($folder in $input) {
if ($exclude -notcontains $folder.Name) {
Remove-Item -Path ($Users + "\" + $folder.Name + $source) -recurse -force
}
}
echo "Google Terminated on:"$env:computername >> $logfile
Added an else to your if to handle both outcomes, and then using Add-Content instead of echo:
foreach ($folder in $input) {
if ($exclude -notcontains $folder.Name) {
Remove-Item -Path ($Users + "\" + $folder.Name + $source) -recurse -force
Add-Content $logfile "$env:computername File Terminated"
}
else {
Add-Content $logfile "$env:computername File Not Terminated"
}
}
Add-Content $logfile "Google Terminated on: $env:computername"
This was my successfull solution, thank you guys for the assistance!
$users = "C:\Users"
$logFile = "C:\TTS\Logs\GoogleTerm.log"
$exclude = "Default"
$input = get-ChildItem -Path $users
foreach ($folder in $input) {
if ($exclude -notcontains $folder.Name) {
if (Test-Path ($Users + "\" + $folder.Name + $source)){
Remove-Item -Path ($Users + "\" + $folder.Name + $source) -recurse -force
Add-Content $logFile "Google Terminated on: $env:computername UserName:$folder "
}
else{
Add-Content $logFile "Google Already Terminated on:$env:computername UserName:$folder "
}
}
else{
Add-Content $logFile "Not Terminated on: $env:computername Username:$folder"
}
}
I'm trying to do the following -
$OutFile = "C:\temp\Audit_Permissions.csv"
$Header = "Folder Path,IdentityReference,AccessControlType,IsInherited,InheritanceFlags,PropagationFlags"
Del $OutFile
Add-Content -Value $Header -Path $OutFile
$RootPath = "\\netapp\DATA"
$Folders = dir $RootPath -recurse | where {$_.psiscontainer -eq $true}
foreach ($Folder in $Folders){
$ACLs = get-acl $Folder.fullname | ForEach-Object { $_.Access }
Foreach ($ACL in $ACLs){
$OutInfo = $Folder.Fullname + "," + $ACL.IdentityReference + "," + $ACL.AccessControlType + "," + $ACL.IsInherited + "," + $ACL.InheritanceFlags + "," + $ACL.PropagationFlags
Add-Content -Value $OutInfo -Path $OutFile
}}
The problem is that about 3 or 4 levels deep into the folder structure I no longer need to do a recursive. There's the potential for thousands of folders in the format of yyyy\mm\dd which I want to ignore. yyyy being the first folder.
so I want the audit on something like this -
\\netapp\data\folder1
\\netapp\data\folder2
\\netapp\data\folder2\folderA
\\netapp\data\folder3
\\netapp\data\folder3\folderA
\\netapp\data\folder3\folderA\testfolder
But as soon as it hits the following in any tree I want it to stop going further down -
\\netapp\data\folder3\folderA\testfolder\yyyy
This is one way to omit the foldername with yyyy.
You can adjust the RegEx part if you want to be more precise.
$Folders = dir $RootPath -recurse | where {($_.psiscontainer -eq $true) -AND ($_.FullName -notmatch '\\\d{4}($|\\)'}
I want to dynamically output the file using the name of the server its been run instead of specifying what name to use. as i want to run the code on multiple servers using multi-instance approach.
$OutFile = "C:\Users\munjanga\Documents\AoN Project\Execute\Output.csv"
$Header = "FolderPath,IdentityReference,AccessControlType,IsInherited,InheritanceFlags,PropagationFlags"
Del $OutFile
Add-Content -Value $Header -Path $OutFile
$RootPath = "C:\Users\munjanga\Documents\Operations Orchestration"
$Folders = dir $RootPath -recurse | where {$_.psiscontainer -eq $true}
foreach ($Folder in $Folders){
$ACLs = get-acl $Folder.fullname | ForEach-Object { $_.Access }
Foreach ($ACL in $ACLs){
$OutInfo = $Folder.Fullname + "," + $ACL.IdentityReference + "," + $ACL.AccessControlType + "," + $ACL.IsInherited + "," + $ACL.InheritanceFlags + "," + $ACL.PropagationFlags
Add-Content -Value $OutInfo -Path $OutFile
}
}
If I understand you correctly, you want to change $OutFile depending on name of server. You can do that using MachineName property of Environment class:
$OutFile = "C:\Users\munjanga\Documents\AoN Project\Execute\$([Environment]::MachineName).csv"
This is my code but i dont know what i need to supply:
$ServerList = Get-Content "C:\Users\munjanga\Desktop\Execute\Testing\servers.txt"
$ServerList
$Header="FolderPath,IdentityReference,AccessControlType,IsInherited,InheritedFlags,PropagationFlags"
Add-Content -Value $Header -Path $Output
Foreach ($Server in $ServerList) {
$output = "\\$server\C:\Users\munjanga\Desktop\Execute\Testing $server.output.csv"
Del $Output -ErrorAction SilentlyContinue
$RootPath ="\\$Server\C:\system.sav"
$Folders = dir $RootPath -recurse | where {$_.psiscontainer -eq $true} -ErrorAction SilentlyContinue
Add-Content -Value "$Header" -Path $Output
Foreach ($Folder in $Folders){
$ACLs = get-acl $Folder.fullname | ForEach-Object { $_.Access }
Foreach ($ACL in $ACLs){
$OutInfo = $Folder.Fullname + "," + $ACL.IdentityReference + "," + $ACL.AccessControlType + "," + $ACL.IsInherited + "," + $ACL.InheritanceFlags + "," + $ACL.PropagationFlags
Add-Content -Value $OutInfo -Path $output -ErrorAction SilentlyContinue
}
}
}
In line 4 you are invoking the Add-Content cmdlet, which requires a something to be passed to -Path, you are trying to use $Output, which is an empty (null) variable.
Assuming you are getting the warning on line 12 when calling Where-Object? It looks like you are trying to do a directory listing on a unc path that doesnt exist, getting nothing back to pipe to where. Is \$Server\C:\system.sav really supposed to be the admin share a la \$Server\C$\system.sav ?
So essentially I have the below script which generates output like follows for NTFS:
Folder Path IdentityReference AccessControlType IsInherited InheritanceFlags PropagationFlags
E:\Folder\ DOMAIN\User1 Allow True/False ContainerInherit Object Inherit
E:\Folder\ DOMAIN\User2 Deny True/False ContainerInherit Object Inherit
Although this is useful, it would be even better if instead of just Allow/Deny I could get a output which indicates, Read/Write/Modify/FullControl flags.
See my below code, any ideas are appreciated!
$OutFile = "C:\Permissions.csv"
$Header = "Folder Path,IdentityReference,AccessControlType,IsInherited,InheritanceFlags,PropagationFlags"
Del $OutFile
Add-Content -Value $Header -Path $OutFile
$RootPath = "E:\Folder"
$Folders = dir $RootPath -recurse | where {$_.psiscontainer -eq $true}
foreach ($Folder in $Folders){
$ACLs = get-acl $Folder.fullname | ForEach-Object { $_.Access }
Foreach ($ACL in $ACLs){
$OutInfo = $Folder.Fullname + "," + $ACL.IdentityReference + "," + $ACL.AccessControlType + "," + $ACL.IsInherited + "," + $ACL.InheritanceFlags + "," + $ACL.PropagationFlags
Add-Content -Value $OutInfo -Path $OutFile
}}
The property you're looking for is $ACL.FileSystemRights.
$Header = "Folder Path,IdentityReference,AccessControlType,IsInherited," +
"InheritanceFlags,PropagationFlags,FileSystemRights"
#...
$OutInfo = $Folder.Fullname + "," + $ACL.IdentityReference + "," +
$ACL.AccessControlType + "," + $ACL.IsInherited + "," +
$ACL.InheritanceFlags + "," + $ACL.PropagationFlags + "," +
$ACL.FileSystemRights
For those who want it wrapped in a function try this:
Function Get-FolderPermissions {
Param($FolderPath)
If(-not (Test-Path $FolderPath)){
Write-Warning "$FolderPath not valid!"
return
}
$FolderPath = $(Get-Item $FolderPath).fullname
$ACLs = Get-Acl $FolderPath | ForEach-Object { $_.Access }
$ACLs | Select-Object #{n='FolderPath';e={$FolderPath}}, IdentityReference, AccessControlType, IsInherited, InheritanceFlags, PropagationFlags, FileSystemRights
}
Then you can export to CSV like this:
Get-FolderPermissions 'C:\Folder' | Export-Csv 'C:\Results.csv' -NoTypeInfo
Or multiple folders from a parent folder:
$Folders = Get-ChildItem 'C:\Folder' -recurse | where {$_.psiscontainer -eq $true}
$Folders | %{ Get-FolderPermissions $_.FullName } | Export-Csv 'C:\Results.csv' -NoTypeInfo