Solved

I would like to list folders without security group

Posted on 2014-10-29
3
141 Views
Last Modified: 2014-10-31
I am attempting to recertify our NTFS file share permissions and would like to locate where inheritance is broken  on folders. I attempted this but ran into a roadblock because all folders have a security group explicitly defined that is not inherited. To work around this i would like to add a SG to the top and after it propagates downward identify the folders that do not have the SG present. Looking for scripts. Note: i do not have server level access will be running this against a mapped drive.
0
Comment
Question by:elv1s
  • 2
3 Comments
 

Author Comment

by:elv1s
ID: 40411344
My first attempt:

Get-ChildItem "\\share\foldername" -recurse |
    ForEach-Object {
          $acl = Get-Acl $_.FullName
          If (!($acl.ContainsKey "security group name")) {Write-Host $_.FullName}
    }

throws error

Unexpected token 'security group name' in expression or statement.
At C:\Users\xxxxx\Desktop\test.ps1:4 char:42
+           If (!($acl.ContainsKey "security group name" <<<< )) {Write-Host $_.FullName}
    + CategoryInfo          : ParserError: (security group name:String) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : UnexpectedToken
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 40414386
You want to look at $Acl.Access. That's the discretionary ACL.
Get-ChildItem \\share\foldername -Recurse |
  Where-Object { (Get-Acl $_.FullName).Access.IdentityReference.Value -notcontains "Domain\Security Group Name" }

Open in new window

Please note you'll need at least PowerShell 3 for that one to work (plays with one of the property expansion features).

Chris
0
 

Author Closing Comment

by:elv1s
ID: 40416025
Great thanks slightly modified:

Get-ChildItem \\share\foldername  -Recurse |
  where {$_.Attributes -like '*Directory*'} |
  Where-Object { (Get-Acl $_.FullName).Access.IdentityReference.Value -notcontains "Domain\Security Group " } |
  Export-Csv "C:\Users\xxxxx\Desktop\xxxxxx.csv"
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

In this previous article (https://oddytee.wordpress.com/2016/05/05/provision-new-office-365-user-and-mailbox-from-exchange-hybrid-via-powershell/), we made basic license assignments to users in O365. When I say basic, the method is the simplest way …
Synchronize a new Active Directory domain with an existing Office 365 tenant
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now