Using get-acl to return folder permissions
I am using the following script to return a list of Groups and Users that have access to a folder and its sub-folders:

get-childitem c:\work -recurse | get-acl  | select-object path,owner,accesstostring,group | export-csv c:\ACL.csv
Although it does bring back some really useful information it does not return all of the Groups that have access to folders. For example, if I right click on my folder select Properties and Security there are more groups listed than those returned by the script. Anyone know why this is?!

Thanks
April 20th, 2009 9:59am

Hi

What operating system is the data on? Can you please use the icacls.exe command line utility to view the permissions for the "C:\work" folder and post the output as well as the output from the powershell command.

C:\Windows\System32\icacls.exe "C:\work" /t

It may be an issue with ACE inheritance or a security descriptor? Please post the results for comparison

Cheers

Matt :)
April 20th, 2009 1:28pm

My first thought would be inheritance, which may be an issue with AccessToString.

It would help to know what specifically is missing.
April 20th, 2009 1:34pm

Hi

What operating system is the data on? Can you please use the icacls.exe command line utility to view the permissions for the "C:\work" folder and post the output as well as the output from the powershell command.

C:\Windows\System32\icacls.exe "C:\work" /t

It may be an issue with ACE inheritance or a security descriptor? Please post the results for comparison

Cheers

Matt :)

Hi Matt,

Apologies for the delay in responding, got caught up with other stuff. Anyway, when I ran the original command I posted in PS it returns nothing whereas before it created the output file and it contained data. Now when I run it an empty file is created?!

The OS is XP Pro, I don't appear to have the icacls.exe executable on my machine.


Thanks
David
May 6th, 2009 7:02am

My first thought would be inheritance, which may be an issue with AccessToString.

It would help to know what specifically is missing.
May 6th, 2009 7:05am

I am trying to clear up the older open posts on this forum. If this is still an unresolved issue for you please let me know. If you do not post back within one week I will assume it is resolved and will close this thread.

Thank you

Ed Wilson
Microsoft Scripting Guy
January 11th, 2010 9:24pm

Hi Ed,

Yes, this is now resolved, it was a permissions issue.
January 12th, 2010 7:44am

Hi to all,

Just in case someone needs a simple script to check permissions on remote shares, here it is.

#==========================================================================
# NAME: ACL on Shared folder
# AUTHOR: Mladen
# DATE  : 01/12/2010
# COMMENT: Check permissions on NTFS shared folder and send report to excel
# REQUIREMENTS: QuestAD for PowerShell (Quest ActiveRoles), Excel, Access to share
# shares.txt is file with shares in format \\server\share1
#==========================================================================

#$erroractionpreference = "SilentlyContinue"

# Load the Quest ActiveRoles snap-in that provides Get-QADUser
Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue

# Start Excel and write a formatted header row
$a = New-Object -comobject Excel.Application
$a.visible = $True
$b = $a.Workbooks.Add()
$c = $b.Worksheets.Item(1)
$c.Cells.Item(1,1) = "Share"
$c.Cells.Item(1,2) = "Account"
$c.Cells.Item(1,3) = "Permission"
$c.Cells.Item(1,4) = "User Name"
$d = $c.UsedRange
$d.Interior.ColorIndex = 19
$d.Font.ColorIndex = 11
$d.Font.Bold = $True

# Data starts on the row below the header
$intRow = 2

# One share per line, in the format \\server\share1
$colShares = get-content shares.txt
foreach ($strShare in $colShares)
{
    # Share path in bold, followed by one row per access control entry
    $c.Cells.Item($intRow, 1) = $strShare
    $c.Cells.Item($intRow, 1).Font.Bold = $True
    $acl = Get-Acl $strShare
    $perm = $acl.Access
    foreach ($object in $perm)
    {
        $intRow = $intRow + 1
        $userName = [string]$object.IdentityReference
        $c.Cells.Item($intRow, 2) = $userName
        $c.Cells.Item($intRow, 3) = [string]$object.FileSystemRights
        # Look up the display name; stays empty when the identity is not an AD user
        $fullName = Get-QADUser $userName
        $c.Cells.Item($intRow, 4) = $fullName.Name
    }
    $intRow = $intRow + 1
}
# Size the columns to fit their contents
$d.EntireColumn.AutoFit()

 

Regards from Serbia.

December 23rd, 2010 9:03am

I can't tell you how wonderfully useful your script has been! I've been trying - without success - to modify it so it will recurse into subdirectories listed within the initial folder in SHARES.TXT.  I suppose if that's not possible, a larger SHARES.TXT file would be needed, with each nested folder listed?  Thanks so much.
March 13th, 2015 3:50pm
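
Added example, not part of any post in this thread: a recursive variant of the original question's command that writes one CSV row per access control entry, including whether each entry is inherited, and records folders whose ACL the running account cannot read. It assumes PowerShell 3.0 or later; the function name Get-FolderAce is made up for this example, and C:\work and C:\ACL.csv are taken from the first post as default values.

```powershell
# Added example (PowerShell 3.0+). $Root and $OutFile defaults are assumed values.
param(
    [string]$Root    = 'C:\work',
    [string]$OutFile = 'C:\ACL.csv'
)

function Get-FolderAce {
    param([Parameter(Mandatory = $true)][string]$Path)

    # The root folder itself plus every sub-folder beneath it.
    $folders = @(Get-Item -LiteralPath $Path) +
               @(Get-ChildItem -LiteralPath $Path -Recurse -Directory -ErrorAction SilentlyContinue -ErrorVariable listErrors)

    foreach ($folder in $folders) {
        try {
            $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop
        }
        catch {
            # Record folders whose ACL the current account cannot read.
            [pscustomobject]@{
                Folder = $folder.FullName; Owner = $null; Identity = $null
                Rights = $null; Type = $null; IsInherited = $null
                Inheritance = $null; Propagation = $null
                Error = $_.Exception.Message
            }
            continue
        }
        # One row per access control entry, instead of the flattened AccessToString text.
        foreach ($ace in $acl.Access) {
            [pscustomobject]@{
                Folder      = $folder.FullName
                Owner       = $acl.Owner
                Identity    = [string]$ace.IdentityReference
                Rights      = [string]$ace.FileSystemRights
                Type        = [string]$ace.AccessControlType
                IsInherited = $ace.IsInherited
                Inheritance = [string]$ace.InheritanceFlags
                Propagation = [string]$ace.PropagationFlags
                Error       = $null
            }
        }
    }
    # Sub-folders that could not even be listed (for example, access denied).
    foreach ($e in $listErrors) { Write-Warning "Not enumerated: $($e.TargetObject)" }
}

Get-FolderAce -Path $Root | Export-Csv -Path $OutFile -NoTypeInformation
```

Filtering the CSV on the IsInherited and Error columns gives a direct comparison with what the Security tab or icacls shows for the same folder.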

This topic is archived. No further replies will be accepted.
