Avatar of daveTechSearch
daveTechSearchFlag for Canada asked on

Powershell - Error trapping, log to file

I'm just trying to figure out the best way to go about trapping errors for this script...

get-childitem in particular.  

This will tell me if somebody has been given full control vs. modify... and ripped out local administrators on our file servers when performing the specific query.


$ACLfor=read-host "Please specify the user or group to scan for"
$arrayDrives=(read-host "Please enter the drives you wish to scan for ACLs in the form of:  c:\,d:\  ").Split(",")
 
@(forEach ($arrayElement in $arrayDrives)
{
get-childitem  -path $arrayElement -recurse |
where{$_.PSIsContainer} |
get-acl |
?{($_.Access | 
%{$_.IdentityReference}) -contains "$ACLfor"} | Select Path,AccessToString
}) | Export-csv ACL.csv -noTypeInformation -ErrorAction SilentlyContinue 
Open in New Window

Open in new window

Microsoft Legacy OS

Avatar of undefined
Last Comment
BSonPosh

8/22/2022 - Mon
BSonPosh

In Powershell V1 all you have is Trap. I have a blog about here: http://bsonposh.com/archives/241

p.s. Powershell Zone: https://www.experts-exchange.com/Programming/Languages/Scripting/MSH-Monad/
ASKER
daveTechSearch

Just trying to wrap my head around this (very new to PS).... this is what I am trying to do, but am 110% sure that I'm missing something...(leaving the script above out of it for now):
------------------------------------------------------------------------------------------
trap [System.UnauthorizedAccessException]{
    write-host ("ERROR: " + $_) -Foregroundcolor Blue; Continue}
get-childitem d:\temp -recurse
------------------------------------------------------------------------------------------
To test this, I have ripped all permissions off of the directory except a test account.
Is there anything that you can add to point me in the right direction?
Thanks!
ASKER
daveTechSearch

Getting closer... working with the following:
------------------------------------------------------------------------------------------  
trap [System.UnauthorizedAccessExceptionw]{
    write-host ("ERROR: " + $_) -Foregroundcolor Blue; Continue}
write-host ([System.IO.Directory]::GetDirectories("d:\temp"))
------------------------------------------------------------------------------------------
now just have to incorporate into the script...!
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
ASKER
daveTechSearch

So, I am able to take a directory listing and record access errors to log file:
-----------------
Access to the path 'd:\temp' is denied.
At D:\PSScripts\testtrap.ps1:5 char:39
+ ([System.IO.Directory]::GetDirectories( <<<< "d:\temp"))
-----------------
The only thing I am unclear on is exactly how to get it to recurse through all subdirectories.....?
 

trap [System.UnauthorizedAccessException]{
$_ | out-file -encoding ASCII -filePath d:\psscripts\error.log `
-append; Continue}
([System.IO.Directory]::GetDirectories("d:\temp"))

Open in new window

BSonPosh

([System.IO.Directory]::GetDirectories("c:\temp","*","AllDirectories"))

http://msdn.microsoft.com/en-us/library/ms143314.aspx

ASKER
daveTechSearch

Thanks for that.... but, if it isn't one thing or another... I have been spending some time banging my head on the following when hitting the root of a drive...:
Exception calling "GetDirectories" with "3" argument(s): "Access to the path 'd:\System Volume Information' is denied."
 
=/
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER CERTIFIED SOLUTION
BSonPosh

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
ASKER
daveTechSearch

My understanding is that using .Net would perform the query faster than utilizing the cmdlet... but that is what I will do for now....



$error.clear()
write-output "Remember to map drives to remote hosts"
$fileName=read-host "please specify a filename (do not specify` extension)"
$ACLfor=read-host "Specify user\group to scan for (in the form of` overwaitea\name)"
$arrayDrives=(read-host "Please enter the drives you wish to scan for` ACLs in the form of:  c:\,d:\  ").Split(",")
Write-Output "Data will be saved in the current directory as` $fileName.csv"
Write-Output "Errors will be recorded in the current directory as` $fileName.err.log"
 
Function getACL{
@(forEach ($arrayDrive in $arrayDrives)
{
get-childitem  -path $arrayDrive -recurse -ea 0 |
where{$_.PSIsContainer} |
get-acl |
?{($_.Access | 
%{$_.IdentityReference}) -contains "$ACLfor"} | 
Select Path,AccessToString
}) | Export-csv ACL.csv -noTypeInformation
}
 
Function writeError
{ 
$error | out-file error.log
}
getACL
writeError

Open in new window

BSonPosh

the cmdlet just wraps the .NET Class... it will be ~same.