Powershell scripts to export and import NTFS and shared permissions on the folders to the excel file

If you have powershell scripts to do the following, would be great
-export NTFS and shared permissions on the folders to the excel file
-Import permissions from excel input file and assign them to the folders.
creative555Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Randy DownsOWNERCommented:
maybe you can adapt this.

It's not so bad :) You could use PS to substitute the user names, I can't see that taking more than a few minutes really.

> Ah, so if I get permissions for the top level, that script will only show the folders underneath
> that have explicit rights?

Yes, that's right.

If you want it to show Inherited as well then we need the version below. In this version I've removed the bit that filtered out inherited rights, the Where-Object (?) !$_.IsInherited (! is Not). And I've added the IsInherited column to the output so the values can be properly tracked.


# Include only folders from the root path
Get-ChildItem "C:\Stuff" -Recurse | ?{ $_.PsIsContainer } | %{
  $Path = $_.FullName

  (Get-Acl $Path).Access | Select-Object `
    @{n='Path';e={ $Path }}, IdentityReference, AccessControlType, `
    InheritanceFlags, PropagationFlags, FileSystemRights, IsInherited
} | Export-CSV "Permissions.csv"

Open in new window

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
creative555Author Commented:
Wow. This is an amazing script!! Exactly what I was looking for!! I just tested it and it makes an excellent export.
creative555Author Commented:
I was wondering if you could help me with another script that takes the csv file - columns path, username, systemrights - such as full control, modify, synchronize, and grants those permissions on the shares.
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Randy DownsOWNERCommented:
Try this.

Import-Csv YourFile.csv | ForEach-Object {

  # Some defaults
  $InheritanceFlags = "containerInherit, ObjectInherit"
  $PropagationFlags = "None"

  # Override defaults if necessary
  $Inheritance = $_.InheritanceFlags
  Switch ($Inheritance) {
    "Subfolders and Files only"                      { $PropagationFlags = "InheritOnly" }
    "This Folder, One level of Subfolders and Files" { $PropagationFlags = "NoPropagateInherit" }
    "This folder and subfolders"                     { $InheritanceFlags = "ContainerInherit" }
    "Subfolders only"                                { $InheritanceFlags = "ContainerInherit"; $PropagationFlags = "InheritOnly" }
    "This folder and files"                          { $InheritanceFlags = "ObjectInherit" }
    "This folder and one level of files"             { $InheritanceFlags = "ObjectInherit"; $PropagationFlags = "InheritOnly" }
    "This folder only"                               { $InheritanceFlags = "None" }
  }

  # Build an access rule based on the line we read from the file
  $AccessRule = New-Object Security.AccessControl.FileSystemAccessRule(
    $_.Users, $_.FileSystemRights, $InheritanceFlags, $PropagationFlags, $_.AccessControlType)

  # Get the current access list
  $Acl = Get-Acl $_.UNCPath
  # Add the rule
  $Acl.AddAccessRule($AccessRule)
  # Save changes
  Set-Acl -Path $_.UNCPath -AclObject $Acl
}

Open in new window

creative555Author Commented:
Oh. Thank you so much!!
I tried running it and getting this error:

New-Object : Cannot convert argument "1", with value: "268435456", for "FileSystemAccessRule" to type "System.Security.AccessControl.FileSystemRights": "Cannot
convert value "268435456" to type "System.Security.AccessControl.FileSystemRights" due to enumeration values that are not valid. Specify one of the following
enumeration values and try again. The possible enumeration values are "ListDirectory, ReadData, WriteData, CreateFiles, CreateDirectories, AppendData,
ReadExtendedAttributes, WriteExtendedAttributes, Traverse, ExecuteFile, DeleteSubdirectoriesAndFiles, ReadAttributes, WriteAttributes, Write, Delete,
ReadPermissions, Read, ReadAndExecute, Modify, ChangePermissions, TakeOwnership, Synchronize, FullControl"."
At C:\scripts\Assign-NTFSPermissions.ps1:21 char:17
+   $AccessRule = New-Object Security.AccessControl.FileSystemAccessRule(
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [New-Object], MethodException
    + FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand
creative555Author Commented:
Oh. That was one bad value in the spreadsheet. Script is working perfect!!!

Wow. I have been looking for it for a long time. Thank you so much!! I wish I could give you more points!
Randy DownsOWNERCommented:
if you want to give more points just open a question. ;)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Powershell

From novice to tech pro — start learning today.