Solved

exporting security groups assigned to folders

Posted on 2016-10-26
3
31 Views
Last Modified: 2016-11-15
Hello. I need to find out which security groups are assigned to folders share permissios(folders exist on a file share server). does anyone have a script for powershell or a free tool that we can use to obtain this. please let me know.
0
Comment
Question by:Newguy 123
  • 2
3 Comments
 
LVL 24

Accepted Solution

by:
NVIT earned 250 total points (awarded by participants)
ID: 41862651
Use AccessEnum

https://technet.microsoft.com/en-us/sysinternals/accessenum.aspx

AccessEnum uses standard Windows security APIs to populate its listview with read, write and deny access information.

You can export to CSV file format.
0
 
LVL 43

Assisted Solution

by:Steve Knight
Steve Knight earned 250 total points (awarded by participants)
ID: 41862822
If you want a script aswell I used this powershell recently to document permissions set on each folder down tree of a file server... in that case was looking on a drive mapped to S:

There are four things to edit.  The $outfile to point to where you want CSV results.  $RootPath to where you want it to navigate down from and in this line we excluded two groups that wanted excluding.  Amend them or remove them as needed.

Steve

and !($ACL.IdentityReference -eq "DomainName\Domain Admins") -and !($ACL.IdentityReference -eq "DOMAIN\Some Shared Group"))

Open in new window


$OutFile = "c:\somedir\Permissions.csv" 
 $maxdepth = 5
 $RootPath = "S:\" 
 $actual_depth_param = [int]([regex]::Matches($RootPath, "\\")).count + [int]$maxdepth + 0
 $Folders = dir $RootPath -recurse | where {$_.psiscontainer -eq $true}

 foreach ($Folder in $Folders)
 { 
     if (([regex]::Matches($Folder.fullname, "\\")).count -lt $actual_depth_param)
     { 
         $ACLs = get-acl $Folder.fullname | ForEach-Object { $_.Access } 
         Foreach ($ACL in $ACLs)
         { 
             if (($ACL.IsInherited -eq $FALSE) -and !($ACL.IdentityReference -eq "DomainName\Domain Admins") -and !($ACL.IdentityReference -eq "DOMAIN\Some Shared Group"))
              {
                 $OutInfo = "`"" + $Folder.Fullname + "`",`"" +  $ACL.IdentityReference + "`",`"" + $ACL.AccessControlType + "`",`"" + $ACL.IsInherited + "`",`"" + $ACL.InheritanceFlags + "`",`"" + $ACL.PropagationFlags + "`",`"" + $ACL.FileSystemRights + "`""
Add-Content -Value $OutInfo -Path $OutFile
              }

         }
     }
 }

Open in new window

0
 
LVL 24

Expert Comment

by:NVIT
ID: 41887615
Question answered.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

816 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now