Solved

I would like to list folders without security group

Posted on 2014-10-29
3
146 Views
Last Modified: 2014-10-31
I am attempting to recertify our NTFS file share permissions and would like to locate where inheritance is broken  on folders. I attempted this but ran into a roadblock because all folders have a security group explicitly defined that is not inherited. To work around this i would like to add a SG to the top and after it propagates downward identify the folders that do not have the SG present. Looking for scripts. Note: i do not have server level access will be running this against a mapped drive.
0
Comment
Question by:elv1s
  • 2
3 Comments
 

Author Comment

by:elv1s
ID: 40411344
My first attempt:

Get-ChildItem "\\share\foldername" -recurse |
    ForEach-Object {
          $acl = Get-Acl $_.FullName
          If (!($acl.ContainsKey "security group name")) {Write-Host $_.FullName}
    }

throws error

Unexpected token 'security group name' in expression or statement.
At C:\Users\xxxxx\Desktop\test.ps1:4 char:42
+           If (!($acl.ContainsKey "security group name" <<<< )) {Write-Host $_.FullName}
    + CategoryInfo          : ParserError: (security group name:String) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : UnexpectedToken
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 40414386
You want to look at $Acl.Access. That's the discretionary ACL.
Get-ChildItem \\share\foldername -Recurse |
  Where-Object { (Get-Acl $_.FullName).Access.IdentityReference.Value -notcontains "Domain\Security Group Name" }

Open in new window

Please note you'll need at least PowerShell 3 for that one to work (plays with one of the property expansion features).

Chris
0
 

Author Closing Comment

by:elv1s
ID: 40416025
Great thanks slightly modified:

Get-ChildItem \\share\foldername  -Recurse |
  where {$_.Attributes -like '*Directory*'} |
  Where-Object { (Get-Acl $_.FullName).Access.IdentityReference.Value -notcontains "Domain\Security Group " } |
  Export-Csv "C:\Users\xxxxx\Desktop\xxxxxx.csv"
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Powershell Code 4 31
Powershell Split 18 29
-OutVariable to Global 1 22
Powershell to Query Child Domains 4 13
Create and license users in Office 365 in bulk based on a CSV file. A step-by-step guide with PowerShell script examples.
The Nano Server Image Builder helps you create a custom Nano Server image and bootable USB media with the aid of a graphical interface. Based on the inputs you provide, it generates images for deployment and creates reusable PowerShell scripts that …
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question