Solved

How to enumerate which folders are not inheriting permissions from parent folder

Posted on 2014-03-24
11
518 Views
1 Endorsement
Last Modified: 2014-05-17
I am trying to identify which folders are not inheriting their permissions from their parent folder.

I need to make a lot of changes to permissions over the next few weeks and want to identify in advance which folders are not going to get the new permissions.
1
Comment
Question by:llcooljsl1983
  • 6
  • 5
11 Comments
 
LVL 19

Expert Comment

by:Raheman M. Abdul
ID: 39950163
Modified to the ref. given below here is the new code:
--------------------------

#requires -version 3

$Path = "c:\temp"
$Folders = Get-ChildItem $Path -Directory -Recurse
$statuses = @()

Foreach ($Folder in $Folders)
{
    $ACLs = Get-Acl -Path $Folder.fullname | ForEach-Object { $_.Access }
    Foreach ($ACL in $ACLs)
    {
        if (!($ACL.IsInherited))
        {
                $status = [ordered]@{
                FolderPath = $Folder.Fullname;
                IsInherited = $ACL.IsInherited;
                InheritanceFlags = $ACL.InheritanceFlags;
                PropagationFlags = $ACL.PropagationFlags }
            $statuses += (New-Object -TypeName PSObject -Property $status)
            break;
        }
       
    }
}
$statuses | Export-Csv -Path c:\temp\report.csv -Encoding ASCII -NoTypeInformation

Ref: http://powershell.com/cs/forums/p/14430/28052.aspx
0
 

Author Comment

by:llcooljsl1983
ID: 39950292
So I will need to install powershell on each of the file servers and manually run this script on every directory, replacing c:\temp with the actual directory?

There are a number of file servers, each with around 300 shared folders :(

Is there not an application which can do this on a more automated / server level way?

Thanks
0
 
LVL 19

Expert Comment

by:Raheman M. Abdul
ID: 39950300
You dont need to install and run from each server. You just need to run my script from one server or Computer
you can write all the server names in a csv file and the directory names where to want to look (ie share name)
i can modify to include it.

what is the structure of the location you are looking into.
can you give few examples please. i will modify accordingly.
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 

Author Comment

by:llcooljsl1983
ID: 39950548
So it will for example

\\server\data
\\server\london
\\server\room

On the actual server, these have been split across C: D: E: F: G: drives

Is that what you mean?

Regards
0
 
LVL 19

Expert Comment

by:Raheman M. Abdul
ID: 39950554
do you have a list of all the shares on all the servers. if you can enter them in a csv file that would be good
if not, we need to modify the script to find the shares automatically given the server names atleast in a text file.
0
 

Author Comment

by:llcooljsl1983
ID: 39950585
Could you base it on a dummy CSV that I could enter the shares?

I would be told off if I uploaded company specific information. :)

Thanks
0
 
LVL 19

Assisted Solution

by:Raheman M. Abdul
Raheman M. Abdul earned 500 total points
ID: 39950615
I was just asking about examples, i understand the policies.

servers.csv  should contain the information of this type:

\\server\data
\\server\london
\\server\room


Try this code:
##################
#requires -version 3
$paths = Get-Content c:\servers.csv
foreach ($Path in $paths)
{
$Folders = Get-ChildItem $Path -Directory -Recurse
$statuses = @()

Foreach ($Folder in $Folders)
{
    $ACLs = Get-Acl -Path $Folder.fullname | ForEach-Object { $_.Access }
    Foreach ($ACL in $ACLs)
    {
        if (!($ACL.IsInherited))
        {
                $status = [ordered]@{
                FolderPath = $Folder.Fullname;
                IsInherited = $ACL.IsInherited;
                InheritanceFlags = $ACL.InheritanceFlags;
                PropagationFlags = $ACL.PropagationFlags }
            Write-Host $status
            Write-Host "processing $Folder"

            $statuses += (New-Object -TypeName PSObject -Property $status)
            break;
        }
       
    }
}
}

$statuses | Export-Csv -Path c:\temp\report.csv -Encoding ASCII -NoTypeInformation

########################
0
 

Author Comment

by:llcooljsl1983
ID: 39950747
Thanks, what would the columns / headings be within the source CSV?

Thanks again for your help
0
 
LVL 19

Expert Comment

by:Raheman M. Abdul
ID: 39950780
no need to enter column headings.
0
 

Accepted Solution

by:
llcooljsl1983 earned 0 total points
ID: 40058618
In the end I used the NTFS reporting tool from www.cjwdev.co.uk and filtered for ownership.
0
 

Author Closing Comment

by:llcooljsl1983
ID: 40071908
Very helpful posts but the software from CJWDEV was a lot easier.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help you understand what HashTables are and how to use them in PowerShell.
The Nano Server Image Builder helps you create a custom Nano Server image and bootable USB media with the aid of a graphical interface. Based on the inputs you provide, it generates images for deployment and creates reusable PowerShell scripts that …
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question