Solved

I would like to list folders without security group

Posted on 2014-10-29
3
143 Views
Last Modified: 2014-10-31
I am attempting to recertify our NTFS file share permissions and would like to locate where inheritance is broken  on folders. I attempted this but ran into a roadblock because all folders have a security group explicitly defined that is not inherited. To work around this i would like to add a SG to the top and after it propagates downward identify the folders that do not have the SG present. Looking for scripts. Note: i do not have server level access will be running this against a mapped drive.
0
Comment
Question by:elv1s
  • 2
3 Comments
 

Author Comment

by:elv1s
ID: 40411344
My first attempt:

Get-ChildItem "\\share\foldername" -recurse |
    ForEach-Object {
          $acl = Get-Acl $_.FullName
          If (!($acl.ContainsKey "security group name")) {Write-Host $_.FullName}
    }

throws error

Unexpected token 'security group name' in expression or statement.
At C:\Users\xxxxx\Desktop\test.ps1:4 char:42
+           If (!($acl.ContainsKey "security group name" <<<< )) {Write-Host $_.FullName}
    + CategoryInfo          : ParserError: (security group name:String) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : UnexpectedToken
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 40414386
You want to look at $Acl.Access. That's the discretionary ACL.
Get-ChildItem \\share\foldername -Recurse |
  Where-Object { (Get-Acl $_.FullName).Access.IdentityReference.Value -notcontains "Domain\Security Group Name" }

Open in new window

Please note you'll need at least PowerShell 3 for that one to work (plays with one of the property expansion features).

Chris
0
 

Author Closing Comment

by:elv1s
ID: 40416025
Great thanks slightly modified:

Get-ChildItem \\share\foldername  -Recurse |
  where {$_.Attributes -like '*Directory*'} |
  Where-Object { (Get-Acl $_.FullName).Access.IdentityReference.Value -notcontains "Domain\Security Group " } |
  Export-Csv "C:\Users\xxxxx\Desktop\xxxxxx.csv"
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
exchange, scripts 30 77
Help with PS script 7 30
Exchange 365 Mailbox Issue 3 32
PowerShell:  Add Header to Out-File 2 19
Hi all.   The other day I had to change the passwords for a bunch of users on the fly. Because they were so many, I decided to do it in an automated way and I would like to share it with you all.   If you are not doing it directly in a Domain Co…
In this previous article (https://oddytee.wordpress.com/2016/05/05/provision-new-office-365-user-and-mailbox-from-exchange-hybrid-via-powershell/), we made basic license assignments to users in O365. When I say basic, the method is the simplest way …
Edureka is one of the fastest growing and most effective online learning sites.  We are here to help you succeed.
Many functions in Excel can make decisions. The most simple of these is the IF function: it returns a value depending on whether a condition you describe is true or false. Once you get the hang of using the IF function, you will find it easier to us…

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now