• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 155
  • Last Modified:

I would like to list folders without security group

I am attempting to recertify our NTFS file share permissions and would like to locate where inheritance is broken  on folders. I attempted this but ran into a roadblock because all folders have a security group explicitly defined that is not inherited. To work around this i would like to add a SG to the top and after it propagates downward identify the folders that do not have the SG present. Looking for scripts. Note: i do not have server level access will be running this against a mapped drive.
0
elv1s
Asked:
elv1s
  • 2
1 Solution
 
elv1sAuthor Commented:
My first attempt:

Get-ChildItem "\\share\foldername" -recurse |
    ForEach-Object {
          $acl = Get-Acl $_.FullName
          If (!($acl.ContainsKey "security group name")) {Write-Host $_.FullName}
    }

throws error

Unexpected token 'security group name' in expression or statement.
At C:\Users\xxxxx\Desktop\test.ps1:4 char:42
+           If (!($acl.ContainsKey "security group name" <<<< )) {Write-Host $_.FullName}
    + CategoryInfo          : ParserError: (security group name:String) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : UnexpectedToken
0
 
Chris DentPowerShell DeveloperCommented:
You want to look at $Acl.Access. That's the discretionary ACL.
Get-ChildItem \\share\foldername -Recurse |
  Where-Object { (Get-Acl $_.FullName).Access.IdentityReference.Value -notcontains "Domain\Security Group Name" }

Open in new window

Please note you'll need at least PowerShell 3 for that one to work (plays with one of the property expansion features).

Chris
0
 
elv1sAuthor Commented:
Great thanks slightly modified:

Get-ChildItem \\share\foldername  -Recurse |
  where {$_.Attributes -like '*Directory*'} |
  Where-Object { (Get-Acl $_.FullName).Access.IdentityReference.Value -notcontains "Domain\Security Group " } |
  Export-Csv "C:\Users\xxxxx\Desktop\xxxxxx.csv"
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now