?
Solved

exporting security groups assigned to folders

Posted on 2016-10-26
3
Medium Priority
?
69 Views
Last Modified: 2016-11-15
Hello. I need to find out which security groups are assigned to folders share permissios(folders exist on a file share server). does anyone have a script for powershell or a free tool that we can use to obtain this. please let me know.
0
Comment
Question by:Newguy 123
  • 2
3 Comments
 
LVL 26

Accepted Solution

by:
NVIT earned 1000 total points (awarded by participants)
ID: 41862651
Use AccessEnum

https://technet.microsoft.com/en-us/sysinternals/accessenum.aspx

AccessEnum uses standard Windows security APIs to populate its listview with read, write and deny access information.

You can export to CSV file format.
0
 
LVL 43

Assisted Solution

by:Steve Knight
Steve Knight earned 1000 total points (awarded by participants)
ID: 41862822
If you want a script aswell I used this powershell recently to document permissions set on each folder down tree of a file server... in that case was looking on a drive mapped to S:

There are four things to edit.  The $outfile to point to where you want CSV results.  $RootPath to where you want it to navigate down from and in this line we excluded two groups that wanted excluding.  Amend them or remove them as needed.

Steve

and !($ACL.IdentityReference -eq "DomainName\Domain Admins") -and !($ACL.IdentityReference -eq "DOMAIN\Some Shared Group"))

Open in new window


$OutFile = "c:\somedir\Permissions.csv" 
 $maxdepth = 5
 $RootPath = "S:\" 
 $actual_depth_param = [int]([regex]::Matches($RootPath, "\\")).count + [int]$maxdepth + 0
 $Folders = dir $RootPath -recurse | where {$_.psiscontainer -eq $true}

 foreach ($Folder in $Folders)
 { 
     if (([regex]::Matches($Folder.fullname, "\\")).count -lt $actual_depth_param)
     { 
         $ACLs = get-acl $Folder.fullname | ForEach-Object { $_.Access } 
         Foreach ($ACL in $ACLs)
         { 
             if (($ACL.IsInherited -eq $FALSE) -and !($ACL.IdentityReference -eq "DomainName\Domain Admins") -and !($ACL.IdentityReference -eq "DOMAIN\Some Shared Group"))
              {
                 $OutInfo = "`"" + $Folder.Fullname + "`",`"" +  $ACL.IdentityReference + "`",`"" + $ACL.AccessControlType + "`",`"" + $ACL.IsInherited + "`",`"" + $ACL.InheritanceFlags + "`",`"" + $ACL.PropagationFlags + "`",`"" + $ACL.FileSystemRights + "`""
Add-Content -Value $OutInfo -Path $OutFile
              }

         }
     }
 }

Open in new window

0
 
LVL 26

Expert Comment

by:NVIT
ID: 41887615
Question answered.
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A walk-through example of how to obtain and apply new DID phone numbers to your cloud PBX enabled users that are configured in Office 365. Whether you have 1, 10 or 100+ users in your tenant, it's quite easy to get them phone-enabled and making/rece…
Measuring Server's processing rate with a simple powershell command. The differences in processing rate also was recorded in different use-cases, when a server in free and busy states.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

599 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question