Help with the script

creative555
creative555 used Ask the Experts™
on
Hello,
I need help with the following script. This script is working great for us except I would like to be able to tell if the IdentityREference is a USER or a GROUP. I would like the script to output everything the same way it is plus add an additional column which would say if it is a USER or a GROUP. Thank you so much.



# Include only folders from the root path
Get-ChildItem "C:\installs" -Recurse | ?{ $_.PsIsContainer } | %{
  $Path = $_.FullName

  (Get-Acl $Path).Access | Select-Object `
    @{n='Path';e={ $Path }}, IdentityReference, AccessControlType, `
    InheritanceFlags, PropagationFlags, FileSystemRights, IsInherited
} | Export-CSV "Permissions.csv"
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
you can use $object.Type property

try something like:

 (Get-Acl $Path).Access | Select-Object `
     @{n='Path';e={ $Path }}, IdentityReference, AccessControlType, `
     InheritanceFlags, PropagationFlags, FileSystemRights, IsInherited, $_.Type
 } | Export-CSV "Permissions.csv"

Open in new window

Author

Commented:
I tried and it didn't work. I got the error
invalid argument

System.Management.Automation.ScriptBlock}. 
At C:\scripts\GET-NTFSpermissions-Test.ps1:5 char:26 
+ (Get-Acl $Path).Access | Select-Object ` 
+                          ~~~~~~~~~~~~~~~ 
    + CategoryInfo          : InvalidArgument: (:) [Select-Object], NotSupportedException 
    + FullyQualifiedErrorId : DictionaryKeyUnknownType,Microsoft.PowerShell.Commands.Sele 
   ctObjectCommand
remove the ` after Select-Object
Exploring SharePoint 2016

Explore SharePoint 2016, the web-based, collaborative platform that integrates with Microsoft Office to provide intranets, secure document management, and collaboration so you can develop your online and offline capabilities.

Author

Commented:
Still getting an error
+                                                ~ 
Missing argument in parameter list. 
    + CategoryInfo          : ParserError: (:) [], ParseException 
    + FullyQualifiedErrorId : MissingExpressionAfterToken

Author

Commented:
Here is the entire script that I am trying

# Include only folders from the root path
Get-ChildItem "c:\installs" -Recurse | ?{ $_.PsIsContainer } | %{
  $Path = $_.FullName

(Get-Acl $Path).Access | Select-Object
     @{n='Path';e={ $Path }}, IdentityReference, AccessControlType, `
     InheritanceFlags, PropagationFlags, FileSystemRights, IsInherited, $_.Type
} | Export-CSV "Permissions-Test.csv"
Top Expert 2014
Commented:
Without querying Active Directory and/or the local machine for each identity (i.e. each ACE), I don't see how this would be possible.  That could be a lot of queries.  Get-ACL doesn't return that info.  If I wanted to know whether the identity for an ACE represented a group or user, I would simply rely on a naming scheme for groups that made it clear anytime you were looking at a name you could immediately recognize it as belonging to a group or not.

Author

Commented:
oh. Ok. I thought it would be too difficult. WE will use the excel to do it then. THank you.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial