Solved

PowerShell script to get list of users who have access to folder and subfolders

Posted on 2016-10-14
Last Modified: 2016-11-06
Hi,

I need to get a list of users who have access to files under a folder and its subfolders.
I have many different accesses, and each of my folders has a different security group.
I need to get all the users of all groups with the folder name.

Presently I use this script, but I can't get the members of each group at the same time:

$OutFile = "C:\temp\Permissions.csv"
$Header = "Folder Path,IdentityReference,AccessControlType,IsInherited,InheritanceFlags,PropagationFlags"
Add-Content -Value $Header -Path $OutFile

$RootPath = "\\my root folder\"

$Folders = dir $RootPath -recurse | where {$_.psiscontainer -eq $true}

foreach ($Folder in $Folders){
      $ACLs = get-acl $Folder.fullname | ForEach-Object { $_.Access  }
      Foreach ($ACL in $ACLs){
      $OutInfo = $Folder.Fullname + "," + $ACL.IdentityReference  + "," + $ACL.AccessControlType + "," + $ACL.IsInherited + "," + $ACL.InheritanceFlags + "," + $ACL.PropagationFlags
      Add-Content -Value $OutInfo -Path $OutFile
      }
}
0
Question by:Stéphane Boisvert
4 Comments
 
LVL 2

Expert Comment

by:amodeo
ID: 41844147
If it doesn't absolutely have to be a PowerShell script, Netwrix makes a completely free tool that does this.  I know it doesn't directly answer your question, but I have found it very helpful for this info.

https://www.netwrix.com/netwrix_effective_permissions_reporting_tool.html

-Joe
0
 
LVL 12

Accepted Solution

by:
Dustin Saunders earned 500 total points (awarded by participants)
ID: 41844169
You could just add a recursive group check into each ACL check.

# Get-ADGroupMember comes from the ActiveDirectory module (RSAT)
Import-Module ActiveDirectory

$OutFile = "C:\test\Permissions.csv"
$Header = "Folder Path,IdentityReference,AccessControlType,IsInherited,InheritanceFlags,PropagationFlags"
Add-Content -Value $Header -Path $OutFile

$RootPath = "C:\test\"

# Every subfolder below the root
$Folders = dir $RootPath -recurse | where {$_.psiscontainer -eq $true}

foreach ($Folder in $Folders){
      $ACLs = get-acl $Folder.fullname | ForEach-Object { $_.Access  }
      Foreach ($ACL in $ACLs)
      {
          # One row for the ACE exactly as it is written on the folder
          $OutInfo = $Folder.Fullname + "," + $ACL.IdentityReference  + "," + $ACL.AccessControlType + "," + $ACL.IsInherited + "," + $ACL.InheritanceFlags + "," + $ACL.PropagationFlags
          Add-Content -Value $OutInfo -Path $OutFile

          # Split DOMAIN\name; identities without a backslash have no name part
          $groupName = $ACL.IdentityReference.ToString()
          $groupNameA = $groupName.Split('\')
          $groupName = $groupNameA[1]
          try
          {
              # Expand nested groups; this throws when the identity is not an AD group
              $members = Get-ADGroupMember $groupName -Recursive
              foreach ($member in $members)
              {
                  # One extra row per member, carrying the ACE's flags
                  $OutInfo = $Folder.Fullname + "," + $groupNameA[0] + "\" + $member.samaccountname  + "," + $ACL.AccessControlType + "," + $ACL.IsInherited + "," + $ACL.InheritanceFlags + "," + $ACL.PropagationFlags
                  Add-Content -Value $OutInfo -Path $OutFile
              }
          }
          catch {}   # identities that are not AD groups are skipped silently
      }
}


2
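A variant of the accepted script for audit use, added here as an example and not code from the thread: it writes rows with Export-Csv so a folder name containing a comma cannot shift columns, records which group grants each expanded user's access, and leaves BUILTIN and NT AUTHORITY entries unexpanded instead of looking up a same-named domain group. It assumes the ActiveDirectory module and a member file server; the paths, the Get-GroupUsers helper and the GrantedVia and Rights columns are choices made for this illustration.

```powershell
# Added example, not from the thread. Assumes the ActiveDirectory module (RSAT)
# and a member file server; $RootPath and $OutFile are placeholder paths.
Import-Module ActiveDirectory

$RootPath = 'C:\test\'
$OutFile  = 'C:\test\Permissions.csv'
$Cache    = @{}   # group name -> user names, so each group is queried only once

# Hypothetical helper: SamAccountNames of all users nested in an AD group,
# or nothing when the name is not an AD group (user account, foreign domain).
function Get-GroupUsers([string]$Name) {
    if (-not $Cache.ContainsKey($Name)) {
        try {
            $Cache[$Name] = @(Get-ADGroupMember -Identity $Name -Recursive -ErrorAction Stop |
                Where-Object { $_.objectClass -eq 'user' } |
                ForEach-Object { $_.SamAccountName })
        } catch {
            # Surface the reason with -Verbose instead of swallowing it
            Write-Verbose "Not expanded: $Name ($($_.Exception.Message))"
            $Cache[$Name] = @()
        }
    }
    $Cache[$Name]
}

$Rows = foreach ($Folder in Get-ChildItem -Path $RootPath -Recurse -Directory) {
    foreach ($Ace in (Get-Acl -Path $Folder.FullName).Access) {
        $Identity = $Ace.IdentityReference.Value
        $Domain, $Name = $Identity.Split('\', 2)   # $Name is $null for "Everyone", raw SIDs
        # The ACE as written on the folder; GrantedVia stays empty for direct entries
        $Row = [ordered]@{
            FolderPath = $Folder.FullName; Identity = $Identity; GrantedVia = ''
            Rights = $Ace.FileSystemRights; AccessControlType = $Ace.AccessControlType
            IsInherited = $Ace.IsInherited
        }
        [pscustomobject]$Row
        # Well-known and local principals are not AD groups: report them, do not expand
        if (-not $Name -or $Domain -in 'BUILTIN', 'NT AUTHORITY') { continue }
        foreach ($User in (Get-GroupUsers $Name)) {
            $Row.Identity   = "$Domain\$User"
            $Row.GrantedVia = $Identity
            [pscustomobject]$Row
        }
    }
}
$Rows | Export-Csv -Path $OutFile -NoTypeInformation
```

Rows with an empty GrantedVia are the ACEs themselves; Deny entries appear with AccessControlType set to Deny and still have to be weighed against the Allow rows when working out effective access.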
 

Author Comment

by:Stéphane Boisvert
ID: 41847110
Thank you Dustin for your comment.
It works perfectly.
0
 
LVL 12

Expert Comment

by:Dustin Saunders
ID: 41875991
Asker confirmed solution works for them.
0
