Link to home
Create AccountLog in
Avatar of daveTechSearch
daveTechSearchFlag for Canada

asked on

Powershell - Error trapping, log to file

I'm just trying to figure out the best way to go about trapping errors for this script...

get-childitem in particular.  

This will tell me if somebody has been given full control vs. modify... and ripped out local administrators on our file servers when performing the specific query.


$ACLfor=read-host "Please specify the user or group to scan for"
$arrayDrives=(read-host "Please enter the drives you wish to scan for ACLs in the form of:  c:\,d:\  ").Split(",")
 
@(forEach ($arrayElement in $arrayDrives)
{
get-childitem  -path $arrayElement -recurse |
where{$_.PSIsContainer} |
get-acl |
?{($_.Access | 
%{$_.IdentityReference}) -contains "$ACLfor"} | Select Path,AccessToString
}) | Export-csv ACL.csv -noTypeInformation -ErrorAction SilentlyContinue 
Open in New Window

Open in new window

Avatar of BSonPosh
BSonPosh
Flag of United States of America image

In Powershell V1 all you have is Trap. I have a blog about here: http://bsonposh.com/archives/241

p.s. Powershell Zone: https://www.experts-exchange.com/Programming/Languages/Scripting/MSH-Monad/
Avatar of daveTechSearch

ASKER

Just trying to wrap my head around this (very new to PS).... this is what I am trying to do, but am 110% sure that I'm missing something...(leaving the script above out of it for now):
------------------------------------------------------------------------------------------
trap [System.UnauthorizedAccessException]{
    write-host ("ERROR: " + $_) -Foregroundcolor Blue; Continue}
get-childitem d:\temp -recurse
------------------------------------------------------------------------------------------
To test this, I have ripped all permissions off of the directory except a test account.
Is there anything that you can add to point me in the right direction?
Thanks!
Getting closer... working with the following:
------------------------------------------------------------------------------------------  
trap [System.UnauthorizedAccessExceptionw]{
    write-host ("ERROR: " + $_) -Foregroundcolor Blue; Continue}
write-host ([System.IO.Directory]::GetDirectories("d:\temp"))
------------------------------------------------------------------------------------------
now just have to incorporate into the script...!
So, I am able to take a directory listing and record access errors to log file:
-----------------
Access to the path 'd:\temp' is denied.
At D:\PSScripts\testtrap.ps1:5 char:39
+ ([System.IO.Directory]::GetDirectories( <<<< "d:\temp"))
-----------------
The only thing I am unclear on is exactly how to get it to recurse through all subdirectories.....?
 

trap [System.UnauthorizedAccessException]{
$_ | out-file -encoding ASCII -filePath d:\psscripts\error.log `
-append; Continue}
([System.IO.Directory]::GetDirectories("d:\temp"))

Open in new window

([System.IO.Directory]::GetDirectories("c:\temp","*","AllDirectories"))

http://msdn.microsoft.com/en-us/library/ms143314.aspx

Thanks for that.... but, if it isn't one thing or another... I have been spending some time banging my head on the following when hitting the root of a drive...:
Exception calling "GetDirectories" with "3" argument(s): "Access to the path 'd:\System Volume Information' is denied."
 
=/
ASKER CERTIFIED SOLUTION
Avatar of BSonPosh
BSonPosh
Flag of United States of America image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
My understanding is that using .Net would perform the query faster than utilizing the cmdlet... but that is what I will do for now....



$error.clear()
write-output "Remember to map drives to remote hosts"
$fileName=read-host "please specify a filename (do not specify` extension)"
$ACLfor=read-host "Specify user\group to scan for (in the form of` overwaitea\name)"
$arrayDrives=(read-host "Please enter the drives you wish to scan for` ACLs in the form of:  c:\,d:\  ").Split(",")
Write-Output "Data will be saved in the current directory as` $fileName.csv"
Write-Output "Errors will be recorded in the current directory as` $fileName.err.log"
 
Function getACL{
@(forEach ($arrayDrive in $arrayDrives)
{
get-childitem  -path $arrayDrive -recurse -ea 0 |
where{$_.PSIsContainer} |
get-acl |
?{($_.Access | 
%{$_.IdentityReference}) -contains "$ACLfor"} | 
Select Path,AccessToString
}) | Export-csv ACL.csv -noTypeInformation
}
 
Function writeError
{ 
$error | out-file error.log
}
getACL
writeError

Open in new window

the cmdlet just wraps the .NET Class... it will be ~same.