Solved

How to enumerate which folders are not inheriting permissions from parent folder

Posted on 2014-03-24
11
487 Views
1 Endorsement
Last Modified: 2014-05-17
I am trying to identify which folders are not inheriting their permissions from their parent folder.

I need to make a lot of changes to permissions over the next few weeks and want to identify in advance which folders are not going to get the new permissions.
1
Comment
Question by:llcooljsl1983
  • 6
  • 5
11 Comments
 
LVL 18

Expert Comment

by:Raheman M. Abdul
ID: 39950163
Modified to the ref. given below here is the new code:
--------------------------

#requires -version 3

$Path = "c:\temp"
$Folders = Get-ChildItem $Path -Directory -Recurse
$statuses = @()

Foreach ($Folder in $Folders)
{
    $ACLs = Get-Acl -Path $Folder.fullname | ForEach-Object { $_.Access }
    Foreach ($ACL in $ACLs)
    {
        if (!($ACL.IsInherited))
        {
                $status = [ordered]@{
                FolderPath = $Folder.Fullname;
                IsInherited = $ACL.IsInherited;
                InheritanceFlags = $ACL.InheritanceFlags;
                PropagationFlags = $ACL.PropagationFlags }
            $statuses += (New-Object -TypeName PSObject -Property $status)
            break;
        }
       
    }
}
$statuses | Export-Csv -Path c:\temp\report.csv -Encoding ASCII -NoTypeInformation

Ref: http://powershell.com/cs/forums/p/14430/28052.aspx
0
 

Author Comment

by:llcooljsl1983
ID: 39950292
So I will need to install powershell on each of the file servers and manually run this script on every directory, replacing c:\temp with the actual directory?

There are a number of file servers, each with around 300 shared folders :(

Is there not an application which can do this on a more automated / server level way?

Thanks
0
 
LVL 18

Expert Comment

by:Raheman M. Abdul
ID: 39950300
You dont need to install and run from each server. You just need to run my script from one server or Computer
you can write all the server names in a csv file and the directory names where to want to look (ie share name)
i can modify to include it.

what is the structure of the location you are looking into.
can you give few examples please. i will modify accordingly.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:llcooljsl1983
ID: 39950548
So it will for example

\\server\data
\\server\london
\\server\room

On the actual server, these have been split across C: D: E: F: G: drives

Is that what you mean?

Regards
0
 
LVL 18

Expert Comment

by:Raheman M. Abdul
ID: 39950554
do you have a list of all the shares on all the servers. if you can enter them in a csv file that would be good
if not, we need to modify the script to find the shares automatically given the server names atleast in a text file.
0
 

Author Comment

by:llcooljsl1983
ID: 39950585
Could you base it on a dummy CSV that I could enter the shares?

I would be told off if I uploaded company specific information. :)

Thanks
0
 
LVL 18

Assisted Solution

by:Raheman M. Abdul
Raheman M. Abdul earned 500 total points
ID: 39950615
I was just asking about examples, i understand the policies.

servers.csv  should contain the information of this type:

\\server\data
\\server\london
\\server\room


Try this code:
##################
#requires -version 3
$paths = Get-Content c:\servers.csv
foreach ($Path in $paths)
{
$Folders = Get-ChildItem $Path -Directory -Recurse
$statuses = @()

Foreach ($Folder in $Folders)
{
    $ACLs = Get-Acl -Path $Folder.fullname | ForEach-Object { $_.Access }
    Foreach ($ACL in $ACLs)
    {
        if (!($ACL.IsInherited))
        {
                $status = [ordered]@{
                FolderPath = $Folder.Fullname;
                IsInherited = $ACL.IsInherited;
                InheritanceFlags = $ACL.InheritanceFlags;
                PropagationFlags = $ACL.PropagationFlags }
            Write-Host $status
            Write-Host "processing $Folder"

            $statuses += (New-Object -TypeName PSObject -Property $status)
            break;
        }
       
    }
}
}

$statuses | Export-Csv -Path c:\temp\report.csv -Encoding ASCII -NoTypeInformation

########################
0
 

Author Comment

by:llcooljsl1983
ID: 39950747
Thanks, what would the columns / headings be within the source CSV?

Thanks again for your help
0
 
LVL 18

Expert Comment

by:Raheman M. Abdul
ID: 39950780
no need to enter column headings.
0
 

Accepted Solution

by:
llcooljsl1983 earned 0 total points
ID: 40058618
In the end I used the NTFS reporting tool from www.cjwdev.co.uk and filtered for ownership.
0
 

Author Closing Comment

by:llcooljsl1983
ID: 40071908
Very helpful posts but the software from CJWDEV was a lot easier.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Utilizing an array to gracefully append to a list of EmailAddresses
I thought I'd write this up for anyone who has a request to create an anonymous whistle-blower-type submission form created using SharePoint 2010 (this would probably work the same for 2013). It's not 100% fool-proof but it's as close as you can get…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question