Solved

exporting security groups assigned to folders

Posted on 2016-10-26
3
34 Views
Last Modified: 2016-11-15
Hello. I need to find out which security groups are assigned to folders share permissios(folders exist on a file share server). does anyone have a script for powershell or a free tool that we can use to obtain this. please let me know.
0
Comment
Question by:Newguy 123
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 24

Accepted Solution

by:
NVIT earned 250 total points (awarded by participants)
ID: 41862651
Use AccessEnum

https://technet.microsoft.com/en-us/sysinternals/accessenum.aspx

AccessEnum uses standard Windows security APIs to populate its listview with read, write and deny access information.

You can export to CSV file format.
0
 
LVL 43

Assisted Solution

by:Steve Knight
Steve Knight earned 250 total points (awarded by participants)
ID: 41862822
If you want a script aswell I used this powershell recently to document permissions set on each folder down tree of a file server... in that case was looking on a drive mapped to S:

There are four things to edit.  The $outfile to point to where you want CSV results.  $RootPath to where you want it to navigate down from and in this line we excluded two groups that wanted excluding.  Amend them or remove them as needed.

Steve

and !($ACL.IdentityReference -eq "DomainName\Domain Admins") -and !($ACL.IdentityReference -eq "DOMAIN\Some Shared Group"))

Open in new window


$OutFile = "c:\somedir\Permissions.csv" 
 $maxdepth = 5
 $RootPath = "S:\" 
 $actual_depth_param = [int]([regex]::Matches($RootPath, "\\")).count + [int]$maxdepth + 0
 $Folders = dir $RootPath -recurse | where {$_.psiscontainer -eq $true}

 foreach ($Folder in $Folders)
 { 
     if (([regex]::Matches($Folder.fullname, "\\")).count -lt $actual_depth_param)
     { 
         $ACLs = get-acl $Folder.fullname | ForEach-Object { $_.Access } 
         Foreach ($ACL in $ACLs)
         { 
             if (($ACL.IsInherited -eq $FALSE) -and !($ACL.IdentityReference -eq "DomainName\Domain Admins") -and !($ACL.IdentityReference -eq "DOMAIN\Some Shared Group"))
              {
                 $OutInfo = "`"" + $Folder.Fullname + "`",`"" +  $ACL.IdentityReference + "`",`"" + $ACL.AccessControlType + "`",`"" + $ACL.IsInherited + "`",`"" + $ACL.InheritanceFlags + "`",`"" + $ACL.PropagationFlags + "`",`"" + $ACL.FileSystemRights + "`""
Add-Content -Value $OutInfo -Path $OutFile
              }

         }
     }
 }

Open in new window

0
 
LVL 24

Expert Comment

by:NVIT
ID: 41887615
Question answered.
0

Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question