Solved

exporting security groups assigned to folders

Posted on 2016-10-26
3
23 Views
Last Modified: 2016-11-15
Hello. I need to find out which security groups are assigned to folders share permissios(folders exist on a file share server). does anyone have a script for powershell or a free tool that we can use to obtain this. please let me know.
0
Comment
Question by:Newguy 123
  • 2
3 Comments
 
LVL 23

Accepted Solution

by:
NVIT earned 250 total points (awarded by participants)
ID: 41862651
Use AccessEnum

https://technet.microsoft.com/en-us/sysinternals/accessenum.aspx

AccessEnum uses standard Windows security APIs to populate its listview with read, write and deny access information.

You can export to CSV file format.
0
 
LVL 43

Assisted Solution

by:Steve Knight
Steve Knight earned 250 total points (awarded by participants)
ID: 41862822
If you want a script aswell I used this powershell recently to document permissions set on each folder down tree of a file server... in that case was looking on a drive mapped to S:

There are four things to edit.  The $outfile to point to where you want CSV results.  $RootPath to where you want it to navigate down from and in this line we excluded two groups that wanted excluding.  Amend them or remove them as needed.

Steve

and !($ACL.IdentityReference -eq "DomainName\Domain Admins") -and !($ACL.IdentityReference -eq "DOMAIN\Some Shared Group"))

Open in new window


$OutFile = "c:\somedir\Permissions.csv" 
 $maxdepth = 5
 $RootPath = "S:\" 
 $actual_depth_param = [int]([regex]::Matches($RootPath, "\\")).count + [int]$maxdepth + 0
 $Folders = dir $RootPath -recurse | where {$_.psiscontainer -eq $true}

 foreach ($Folder in $Folders)
 { 
     if (([regex]::Matches($Folder.fullname, "\\")).count -lt $actual_depth_param)
     { 
         $ACLs = get-acl $Folder.fullname | ForEach-Object { $_.Access } 
         Foreach ($ACL in $ACLs)
         { 
             if (($ACL.IsInherited -eq $FALSE) -and !($ACL.IdentityReference -eq "DomainName\Domain Admins") -and !($ACL.IdentityReference -eq "DOMAIN\Some Shared Group"))
              {
                 $OutInfo = "`"" + $Folder.Fullname + "`",`"" +  $ACL.IdentityReference + "`",`"" + $ACL.AccessControlType + "`",`"" + $ACL.IsInherited + "`",`"" + $ACL.InheritanceFlags + "`",`"" + $ACL.PropagationFlags + "`",`"" + $ACL.FileSystemRights + "`""
Add-Content -Value $OutInfo -Path $OutFile
              }

         }
     }
 }

Open in new window

0
 
LVL 23

Expert Comment

by:NVIT
ID: 41887615
Question answered.
0

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now