Solved

I would like to list folders without security group

Posted on 2014-10-29
3
147 Views
Last Modified: 2014-10-31
I am attempting to recertify our NTFS file share permissions and would like to locate where inheritance is broken  on folders. I attempted this but ran into a roadblock because all folders have a security group explicitly defined that is not inherited. To work around this i would like to add a SG to the top and after it propagates downward identify the folders that do not have the SG present. Looking for scripts. Note: i do not have server level access will be running this against a mapped drive.
0
Comment
Question by:elv1s
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 

Author Comment

by:elv1s
ID: 40411344
My first attempt:

Get-ChildItem "\\share\foldername" -recurse |
    ForEach-Object {
          $acl = Get-Acl $_.FullName
          If (!($acl.ContainsKey "security group name")) {Write-Host $_.FullName}
    }

throws error

Unexpected token 'security group name' in expression or statement.
At C:\Users\xxxxx\Desktop\test.ps1:4 char:42
+           If (!($acl.ContainsKey "security group name" <<<< )) {Write-Host $_.FullName}
    + CategoryInfo          : ParserError: (security group name:String) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : UnexpectedToken
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 40414386
You want to look at $Acl.Access. That's the discretionary ACL.
Get-ChildItem \\share\foldername -Recurse |
  Where-Object { (Get-Acl $_.FullName).Access.IdentityReference.Value -notcontains "Domain\Security Group Name" }

Open in new window

Please note you'll need at least PowerShell 3 for that one to work (plays with one of the property expansion features).

Chris
0
 

Author Closing Comment

by:elv1s
ID: 40416025
Great thanks slightly modified:

Get-ChildItem \\share\foldername  -Recurse |
  where {$_.Attributes -like '*Directory*'} |
  Where-Object { (Get-Acl $_.FullName).Access.IdentityReference.Value -notcontains "Domain\Security Group " } |
  Export-Csv "C:\Users\xxxxx\Desktop\xxxxxx.csv"
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Synchronize a new Active Directory domain with an existing Office 365 tenant
My attempt to use PowerShell and other great resources found online to simplify the deployment of Office 365 ProPlus client components to any workstation that needs it, regardless of existing Office components that may be needing attention.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question