Solved

How to enumerate which folders are not inheriting permissions from parent folder

Posted on 2014-03-24
11
529 Views
1 Endorsement
Last Modified: 2014-05-17
I am trying to identify which folders are not inheriting their permissions from their parent folder.

I need to make a lot of changes to permissions over the next few weeks and want to identify in advance which folders are not going to get the new permissions.
1
Comment
Question by:llcooljsl1983
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
11 Comments
 
LVL 19

Expert Comment

by:Raheman M. Abdul
ID: 39950163
Modified to the ref. given below here is the new code:
--------------------------

#requires -version 3

$Path = "c:\temp"
$Folders = Get-ChildItem $Path -Directory -Recurse
$statuses = @()

Foreach ($Folder in $Folders)
{
    $ACLs = Get-Acl -Path $Folder.fullname | ForEach-Object { $_.Access }
    Foreach ($ACL in $ACLs)
    {
        if (!($ACL.IsInherited))
        {
                $status = [ordered]@{
                FolderPath = $Folder.Fullname;
                IsInherited = $ACL.IsInherited;
                InheritanceFlags = $ACL.InheritanceFlags;
                PropagationFlags = $ACL.PropagationFlags }
            $statuses += (New-Object -TypeName PSObject -Property $status)
            break;
        }
       
    }
}
$statuses | Export-Csv -Path c:\temp\report.csv -Encoding ASCII -NoTypeInformation

Ref: http://powershell.com/cs/forums/p/14430/28052.aspx
0
 

Author Comment

by:llcooljsl1983
ID: 39950292
So I will need to install powershell on each of the file servers and manually run this script on every directory, replacing c:\temp with the actual directory?

There are a number of file servers, each with around 300 shared folders :(

Is there not an application which can do this on a more automated / server level way?

Thanks
0
 
LVL 19

Expert Comment

by:Raheman M. Abdul
ID: 39950300
You dont need to install and run from each server. You just need to run my script from one server or Computer
you can write all the server names in a csv file and the directory names where to want to look (ie share name)
i can modify to include it.

what is the structure of the location you are looking into.
can you give few examples please. i will modify accordingly.
0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 

Author Comment

by:llcooljsl1983
ID: 39950548
So it will for example

\\server\data
\\server\london
\\server\room

On the actual server, these have been split across C: D: E: F: G: drives

Is that what you mean?

Regards
0
 
LVL 19

Expert Comment

by:Raheman M. Abdul
ID: 39950554
do you have a list of all the shares on all the servers. if you can enter them in a csv file that would be good
if not, we need to modify the script to find the shares automatically given the server names atleast in a text file.
0
 

Author Comment

by:llcooljsl1983
ID: 39950585
Could you base it on a dummy CSV that I could enter the shares?

I would be told off if I uploaded company specific information. :)

Thanks
0
 
LVL 19

Assisted Solution

by:Raheman M. Abdul
Raheman M. Abdul earned 500 total points
ID: 39950615
I was just asking about examples, i understand the policies.

servers.csv  should contain the information of this type:

\\server\data
\\server\london
\\server\room


Try this code:
##################
#requires -version 3
$paths = Get-Content c:\servers.csv
foreach ($Path in $paths)
{
$Folders = Get-ChildItem $Path -Directory -Recurse
$statuses = @()

Foreach ($Folder in $Folders)
{
    $ACLs = Get-Acl -Path $Folder.fullname | ForEach-Object { $_.Access }
    Foreach ($ACL in $ACLs)
    {
        if (!($ACL.IsInherited))
        {
                $status = [ordered]@{
                FolderPath = $Folder.Fullname;
                IsInherited = $ACL.IsInherited;
                InheritanceFlags = $ACL.InheritanceFlags;
                PropagationFlags = $ACL.PropagationFlags }
            Write-Host $status
            Write-Host "processing $Folder"

            $statuses += (New-Object -TypeName PSObject -Property $status)
            break;
        }
       
    }
}
}

$statuses | Export-Csv -Path c:\temp\report.csv -Encoding ASCII -NoTypeInformation

########################
0
 

Author Comment

by:llcooljsl1983
ID: 39950747
Thanks, what would the columns / headings be within the source CSV?

Thanks again for your help
0
 
LVL 19

Expert Comment

by:Raheman M. Abdul
ID: 39950780
no need to enter column headings.
0
 

Accepted Solution

by:
llcooljsl1983 earned 0 total points
ID: 40058618
In the end I used the NTFS reporting tool from www.cjwdev.co.uk and filtered for ownership.
0
 

Author Closing Comment

by:llcooljsl1983
ID: 40071908
Very helpful posts but the software from CJWDEV was a lot easier.
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A brief introduction to what I consider to be the best editor for PowerShell.
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question