SquigglyMonkey
asked on
powershell filter out some findings
I am looking at permissions and the code part below works fine, I would however like to not see some results, like "builtin".
I was trying where-object, but that's not helping, and/or I can't get the syntax right. Is there a simple way to not display, or filter out findings such as builtin and administrators, etc?
Thanks!!
I was trying where-object, but that's not helping, and/or I can't get the syntax right. Is there a simple way to not display, or filter out findings such as builtin and administrators, etc?
get-Acl | Format-List -property AccessToString | Out-File -append "C:\somepathorother\shares.txt"
Thanks!!
ASKER
Well, darn it. I thought that would be the relevant part and would be all I needed.
This line is part of a script I found, which returns the folder permissions, and all the subdirectory names and permissions as well. It does everything that I need, except that it also returns "built in" "NT Authority" "Administrators, "creator owner", which I do not need.
I can filter them out in Excel, but it would be nice to not have them included in the first place.
This line is part of a script I found, which returns the folder permissions, and all the subdirectory names and permissions as well. It does everything that I need, except that it also returns "built in" "NT Authority" "Administrators, "creator owner", which I do not need.
I can filter them out in Excel, but it would be nice to not have them included in the first place.
#Set variables
$path = Read-Host "Enter the path you wish to check"
$filename = Read-Host "Enter Output File Name"
$date = Get-Date
#Place Headers on out-put file
$list = "Permissions for directories in: $Path"
$list | format-table | Out-File "C:\somepathorother\get-ntfs\$filename"
$datelist = "Report Run Time: $date"
$datelist | format-table | Out-File -append "C:\somepathorother\get-ntfs\$filename"
$spacelist = " "
$spacelist | format-table | Out-File -append "C:\somepathorother\get-ntfs\$filename"
#Populate Folders Array
[Array] $folders = Get-ChildItem -path $path -force -recurse | Where {$_.PSIsContainer}
#Process data in array
ForEach ($folder in [Array] $folders)
{
#Convert Powershell Provider Folder Path to standard folder path
$PSPath = (Convert-Path $folder.pspath)
$list = ("Path: $PSPath")
$list | format-table | Out-File -append "C:\somepathorother\get-ntfs\$filename"
Get-Acl -path $PSPath | Format-List -property AccessToString | Out-File -append "C:\somepathorother\get-ntfs\$filename"
} #end ForEach
Hey FooTech, Squiggy Monkey,
The Get-ACL is one of those annoying nested sets, you can't get the sub-properties of the Access Control rule easily from the expanded select.
So you'll end up with a bunch of blanks for everything except "IdentityReference".
To get around this you can use the Foreach command to walk over the object instances and get the desired properties.
This is the updated command Footech wrote but which uses for-each to get the values instead of having blanks:
The Get-ACL is one of those annoying nested sets, you can't get the sub-properties of the Access Control rule easily from the expanded select.
So you'll end up with a bunch of blanks for everything except "IdentityReference".
To get around this you can use the Foreach command to walk over the object instances and get the desired properties.
This is the updated command Footech wrote but which uses for-each to get the values instead of having blanks:
Get-Acl | Select -ExpandProperty Access | Where {$_.IdentityReference -notlike "BUILTIN*"} | Foreach {"""$($_.IdentityReference)"",""$($_.FileSystemRights)"",""$($_.AccessControlType)"""}| Export-CSV "C:\somepathorother\shares.csv"
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
So you'll end up with a bunch of blanks for everything except "IdentityReference".Ben, I'm not sure where you're getting this. Every ACL object returned by the Access property will have the same properties:
FileSystemRights, AccessControlType, IdentityReference, IsInherited, InheritanceFlags, PropagationFlags
Inserting the ForEach-Object as you've done only changes how you're referencing the properties, calling them directly within a string. If any were blank (which none are) they would still appear blank in your string.
Also wanted to point out that Format-Table is not doing anything on lines 8, 10, 12, and 23, as it's just piping a string, not a complex object with properties.
Hey Footech,
Might be something in my environment, but I've run into this issue with Get-ACL and other objects like it before myself where only part of the info will show unless you use a foreach.
Specifically, in this case, the only element which will display using your code is "Identity reference" and ONLY when it's the FIRST item in the select.
Here I'll give you an example, I have a file test.txt, and I want to see the access rules on it:
By using the Op's original code I get:
Using My Code I get:
Using your Code I get:
Here is a nicer picture of it:
The lines are needlessly long because I was in the middle of another Get-ACL with recursion thing and just reused it.
So, just to be clear, I thought I'd show you get exactly the same behavior when using a simple string and no outer foreach:
Might be something in my environment, but I've run into this issue with Get-ACL and other objects like it before myself where only part of the info will show unless you use a foreach.
Specifically, in this case, the only element which will display using your code is "Identity reference" and ONLY when it's the FIRST item in the select.
Here I'll give you an example, I have a file test.txt, and I want to see the access rules on it:
By using the Op's original code I get:
AccessToString : NT AUTHORITY\SYSTEM Allow FullControl
BUILTIN\Administrators Allow FullControl
MyDomain\MyUserName Allow FullControl
Using My Code I get:
NT AUTHORITY\SYSTEM FullControl Allow
BUILTIN\Administrators FullControl Allow
MyDomain\MyUserName FullControl Allow
Using your Code I get:
IdentityReference
-----------------
NT AUTHORITY\SYSTEM
BUILTIN\Administrators
MyDomain\MyUserName
Here is a nicer picture of it:
The lines are needlessly long because I was in the middle of another Get-ACL with recursion thing and just reused it.
So, just to be clear, I thought I'd show you get exactly the same behavior when using a simple string and no outer foreach:
I think I can partially explain that behavior, but I can't duplicate your results.
I think you must be using something pre- PS 5.0, as the behavior of Format-Table changed. Before, when using Format-Table (even implicitly), if the first object in the pipeline didn't have a property no header would be created for it, so even if other objects in the pipeline did, the property wouldn't get displayed.
However, I'm unable to get any ACE in an ACL which doesn't have all properties (an ACE has to have all properties for it to even be valid). If you wouldn't mind doing a little troubleshooting, we may be able to learn something and discover why you're seeing different results. Try adding a pipe to Format-List at the end of the command showing only results for IdentityReference and post back the results.
I think you must be using something pre- PS 5.0, as the behavior of Format-Table changed. Before, when using Format-Table (even implicitly), if the first object in the pipeline didn't have a property no header would be created for it, so even if other objects in the pipeline did, the property wouldn't get displayed.
However, I'm unable to get any ACE in an ACL which doesn't have all properties (an ACE has to have all properties for it to even be valid). If you wouldn't mind doing a little troubleshooting, we may be able to learn something and discover why you're seeing different results. Try adding a pipe to Format-List at the end of the command showing only results for IdentityReference and post back the results.
I believe you mean to say "Select object" instead of FT? AFAIA, one does not overload the other.
We definitely don't have Powershell 5.0 anywhere in our environment, I double-checked and the systems I was testing on still are PS 2.0 so could be that, I haven't tested using PS 4.0.
Would be nice if this was cleared up sooner than 5.0, so I'll test on 4.0 later.
Not sure where it changes, but for us we'd be unable to use this on any of the PS 2.0 systems, of which we still have a large number, except by using the for each code, unless you know of an easier way to get around that and offer backwards and forwards compatibility because it's quite annoying versus a simple "Select-Object".
We definitely don't have Powershell 5.0 anywhere in our environment, I double-checked and the systems I was testing on still are PS 2.0 so could be that, I haven't tested using PS 4.0.
Would be nice if this was cleared up sooner than 5.0, so I'll test on 4.0 later.
Not sure where it changes, but for us we'd be unable to use this on any of the PS 2.0 systems, of which we still have a large number, except by using the for each code, unless you know of an easier way to get around that and offer backwards and forwards compatibility because it's quite annoying versus a simple "Select-Object".
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Open in new window