Solved

powershell script to get list of user have acces to folder and sub folder

Posted on 2016-10-14
4
28 Views
Last Modified: 2016-11-06
Hi,

i need to get list off users have an acces to files under folder and subfolders
i have many different access and each of my folders have different security group
i need to get all the users of all groups with the folder name

presently i use this script but i cant get the member of each groups in same time

$OutFile = "C:\temp\Permissions.csv"
$Header = "Folder Path,IdentityReference,AccessControlType,IsInherited,InheritanceFlags,PropagationFlags"
Add-Content -Value $Header -Path $OutFile

$RootPath = "\\my root folder\"

$Folders = dir $RootPath -recurse | where {$_.psiscontainer -eq $true}

foreach ($Folder in $Folders){
      $ACLs = get-acl $Folder.fullname | ForEach-Object { $_.Access  }
      Foreach ($ACL in $ACLs){
      $OutInfo = $Folder.Fullname + "," + $ACL.IdentityReference  + "," + $ACL.AccessControlType + "," + $ACL.IsInherited + "," + $ACL.InheritanceFlags + "," + $ACL.PropagationFlags
      Add-Content -Value $OutInfo -Path $OutFile
      }
}
0
Comment
Question by:Stéphane Boisvert
  • 2
4 Comments
 
LVL 2

Expert Comment

by:amodeo
ID: 41844147
If it doesn't absolutely have to be a powershell script, netwrix makes a completely free tool that does this.  I know it doesn't directly answer your question but I have found it very helpful for this info.

https://www.netwrix.com/netwrix_effective_permissions_reporting_tool.html

-Joe
0
 
LVL 12

Accepted Solution

by:
Dustin Saunders earned 500 total points (awarded by participants)
ID: 41844169
You could just add a recursive group check into each ACL check.

$OutFile = "C:\test\Permissions.csv"
$Header = "Folder Path,IdentityReference,AccessControlType,IsInherited,InheritanceFlags,PropagationFlags"
Add-Content -Value $Header -Path $OutFile 

$RootPath = "C:\test\"

$Folders = dir $RootPath -recurse | where {$_.psiscontainer -eq $true}

foreach ($Folder in $Folders){
      $ACLs = get-acl $Folder.fullname | ForEach-Object { $_.Access  }
      Foreach ($ACL in $ACLs)
      {
          $OutInfo = $Folder.Fullname + "," + $ACL.IdentityReference  + "," + $ACL.AccessControlType + "," + $ACL.IsInherited + "," + $ACL.InheritanceFlags + "," + $ACL.PropagationFlags
          Add-Content -Value $OutInfo -Path $OutFile

            $groupName = $acl.IdentityReference.ToString()
            $groupNameA = $groupName.Split('\')
            $groupName = $groupNameA[1]
            try 
            {
                $members = Get-ADGroupMember $groupName -Recursive
                foreach ($member in $members)
                {
                    $OutInfo = $Folder.Fullname + "," + $groupNameA[0] + "\" + $member.samaccountname  + "," + $ACL.AccessControlType + "," + $ACL.IsInherited + "," + $ACL.InheritanceFlags + "," + $ACL.PropagationFlags
                    Add-Content -Value $OutInfo -Path $OutFile
                }
            }
            catch {}

          
      }
}

Open in new window

2
 

Author Comment

by:Stéphane Boisvert
ID: 41847110
Thank you Dustin for your comment
it work perfectly
0
 
LVL 12

Expert Comment

by:Dustin Saunders
ID: 41875991
Asker confirmed solution works for them.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question