Solved

How to enumerate which folders are not inheriting permissions from parent folder

Posted on 2014-03-24
11
467 Views
1 Endorsement
Last Modified: 2014-05-17
I am trying to identify which folders are not inheriting their permissions from their parent folder.

I need to make a lot of changes to permissions over the next few weeks and want to identify in advance which folders are not going to get the new permissions.
1
Comment
Question by:llcooljsl1983
  • 6
  • 5
11 Comments
 
LVL 18

Expert Comment

by:Raheman M. Abdul
ID: 39950163
Modified to the ref. given below here is the new code:
--------------------------

#requires -version 3

$Path = "c:\temp"
$Folders = Get-ChildItem $Path -Directory -Recurse
$statuses = @()

Foreach ($Folder in $Folders)
{
    $ACLs = Get-Acl -Path $Folder.fullname | ForEach-Object { $_.Access }
    Foreach ($ACL in $ACLs)
    {
        if (!($ACL.IsInherited))
        {
                $status = [ordered]@{
                FolderPath = $Folder.Fullname;
                IsInherited = $ACL.IsInherited;
                InheritanceFlags = $ACL.InheritanceFlags;
                PropagationFlags = $ACL.PropagationFlags }
            $statuses += (New-Object -TypeName PSObject -Property $status)
            break;
        }
       
    }
}
$statuses | Export-Csv -Path c:\temp\report.csv -Encoding ASCII -NoTypeInformation

Ref: http://powershell.com/cs/forums/p/14430/28052.aspx
0
 

Author Comment

by:llcooljsl1983
ID: 39950292
So I will need to install powershell on each of the file servers and manually run this script on every directory, replacing c:\temp with the actual directory?

There are a number of file servers, each with around 300 shared folders :(

Is there not an application which can do this on a more automated / server level way?

Thanks
0
 
LVL 18

Expert Comment

by:Raheman M. Abdul
ID: 39950300
You dont need to install and run from each server. You just need to run my script from one server or Computer
you can write all the server names in a csv file and the directory names where to want to look (ie share name)
i can modify to include it.

what is the structure of the location you are looking into.
can you give few examples please. i will modify accordingly.
0
 

Author Comment

by:llcooljsl1983
ID: 39950548
So it will for example

\\server\data
\\server\london
\\server\room

On the actual server, these have been split across C: D: E: F: G: drives

Is that what you mean?

Regards
0
 
LVL 18

Expert Comment

by:Raheman M. Abdul
ID: 39950554
do you have a list of all the shares on all the servers. if you can enter them in a csv file that would be good
if not, we need to modify the script to find the shares automatically given the server names atleast in a text file.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:llcooljsl1983
ID: 39950585
Could you base it on a dummy CSV that I could enter the shares?

I would be told off if I uploaded company specific information. :)

Thanks
0
 
LVL 18

Assisted Solution

by:Raheman M. Abdul
Raheman M. Abdul earned 500 total points
ID: 39950615
I was just asking about examples, i understand the policies.

servers.csv  should contain the information of this type:

\\server\data
\\server\london
\\server\room


Try this code:
##################
#requires -version 3
$paths = Get-Content c:\servers.csv
foreach ($Path in $paths)
{
$Folders = Get-ChildItem $Path -Directory -Recurse
$statuses = @()

Foreach ($Folder in $Folders)
{
    $ACLs = Get-Acl -Path $Folder.fullname | ForEach-Object { $_.Access }
    Foreach ($ACL in $ACLs)
    {
        if (!($ACL.IsInherited))
        {
                $status = [ordered]@{
                FolderPath = $Folder.Fullname;
                IsInherited = $ACL.IsInherited;
                InheritanceFlags = $ACL.InheritanceFlags;
                PropagationFlags = $ACL.PropagationFlags }
            Write-Host $status
            Write-Host "processing $Folder"

            $statuses += (New-Object -TypeName PSObject -Property $status)
            break;
        }
       
    }
}
}

$statuses | Export-Csv -Path c:\temp\report.csv -Encoding ASCII -NoTypeInformation

########################
0
 

Author Comment

by:llcooljsl1983
ID: 39950747
Thanks, what would the columns / headings be within the source CSV?

Thanks again for your help
0
 
LVL 18

Expert Comment

by:Raheman M. Abdul
ID: 39950780
no need to enter column headings.
0
 

Accepted Solution

by:
llcooljsl1983 earned 0 total points
ID: 40058618
In the end I used the NTFS reporting tool from www.cjwdev.co.uk and filtered for ownership.
0
 

Author Closing Comment

by:llcooljsl1983
ID: 40071908
Very helpful posts but the software from CJWDEV was a lot easier.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
Microsoft Windows Server Update Service (WSUS) is free for everyone, but it lacks of some desirable features like send an e-mail to the administrator with the status of all computers on the WSUS server. This article is based on my PowerShell script …
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now