none
Extracting Folder Permissions RRS feed

  • Question

  • $AllFolders = Get-Item -Path "\\server1\example" -Force
    $Results = @()
    Foreach ($Folder in $AllFolders) {
        $Acl = Get-Acl -Path $Folder.FullName
        foreach ($Access in $acl.Access) {
            if ($Access.IdentityReference -notlike "BUILTIN\Administrators" -and $Access.IdentityReference -notlike "domain\Domain Admins" -and $Access.IdentityReference -notlike "CREATOR OWNER" -and $access.IdentityReference -notlike "NT AUTHORITY\SYSTEM") {
                $Properties = [ordered]@{'FolderName'=$Folder.FullName;'AD Group'=$Access.IdentityReference;'Permissions'=$Access.FileSystemRights;'Inherited'=$Access.IsInherited}
                $Results += New-Object -TypeName PSObject -Property $Properties
            }
        }
    }
    
    $Results | Export-Csv -path "C:\Test\Shares.csv"
    With this script, I am able to extract the folder permissions from the folder i choose, but I would like to make this do all the folder thats under "\\server1" and not only "\\server1\example". We have a lot of shared folders from \\server1 that we would like to know who has permissions and what kind of premissions they have. So if we could just extract all of this at once instead of doing one after one, that would be helpful. I have tried to do $AllFolders = Get-ChildItem -Path "\\server1\" -Force without any luck.

    • Edited by EmilWatt Friday, March 29, 2019 12:00 PM
    • Moved by Bill_Stewart Wednesday, September 4, 2019 7:47 PM This is not "design solution for me" forum
    Friday, March 29, 2019 11:57 AM

All replies

  • Hi Emiwatti,

    I am currently working on similiar script to pull out permission for all FP servers

    you can use get-wmiobject win32_share and then iterate the shared folder using foreach loop.

    please find the below script, which might help you 

    $ShareList=Get-WmiObject win32_share -ComputerName $Server | Where-Object {$_.Path -like "D:\*" -and $_.Name -notlike "*$*" -and $_.Name -ne "NETLOGON" -and $_.Name -ne "SYSVOL"} | select -ExpandProperty Name
    
    foreach($Share in $ShareList)
           {
            Get-childitem "\\$Server\$Share" | where{$_.psiscontainer} |
            Get-Acl | % {
                        $path = $_.Path
                        $_.Access | 
                         % {
                            New-Object PSObject -Property `
                                @{
                                  Folder = $path.Replace("Microsoft.PowerShell.Core\FileSystem::","")
                                  Access = $_.FileSystemRights
                                  Control = $_.AccessControlType
                                  User = $_.IdentityReference
                                  Inheritance = $_.IsInherited
                                  }
                            }
                           } | select-object -Property User, Access, Folder | Export-Csv "FileLocatio\FileName.csv" -NoTypeInformation
    
            }
    Regards
    Chetan
    -----------------------------------------------------------------------------------------
    Please remember to click "Mark as Answer" on the post if your question was answered appropriately. So, it can benefit all community members who are facing similar issues.



    Friday, March 29, 2019 2:56 PM
  • Hi Emiwatti,

    I am currently working on similiar script to pull out permission for all FP servers

    you can use get-wmiobject win32_share and then iterate the shared folder using foreach loop.

    please find the below script, which might help you 

    $ShareList=Get-WmiObject win32_share -ComputerName $Server | Where-Object {$_.Path -like "D:\*" -and $_.Name -notlike "*$*" -and $_.Name -ne "NETLOGON" -and $_.Name -ne "SYSVOL"} | select -ExpandProperty Name
    
    foreach($Share in $ShareList)
           {
            Get-childitem "\\$Server\$Share" | where{$_.psiscontainer} |
            Get-Acl | % {
                        $path = $_.Path
                        $_.Access | 
                         % {
                            New-Object PSObject -Property `
                                @{
                                  Folder = $path.Replace("Microsoft.PowerShell.Core\FileSystem::","")
                                  Access = $_.FileSystemRights
                                  Control = $_.AccessControlType
                                  User = $_.IdentityReference
                                  Inheritance = $_.IsInherited
                                  }
                            }
                           } | select-object -Property User, Access, Folder | Export-Csv "FileLocatio\FileName.csv" -NoTypeInformation
    
            }
    Regards
    Chetan
    -----------------------------------------------------------------------------------------
    Please remember to click "Mark as Answer" on the post if your question was answered appropriately. So, it can benefit all community members who are facing similar issues.



    To prevent confusion this is not what was asked for.  The share permissions are not folder permissions.

    Here is how to get share permissions in PowerShell:

    Get-SmbShare -Special $false|select -expand PresetPathAcl | select -Expand access


    \_(ツ)_/

    Friday, March 29, 2019 3:34 PM
  • Hello jrv,

    Thank you for your comment and agree with you (as always)

    However, I am using this script in an environemnt with Windows Server 2008. So, Get-SmbShare was not an option for me.

    Regards
    Chetan
    Friday, March 29, 2019 9:19 PM
  • Hello jrv,

    Thank you for your comment and agree with you (as always)

    However, I am using this script in an environemnt with Windows Server 2008. So, Get-SmbShare was not an option for me.

    Regards
    Chetan

    The comment was really about the first.  That was added as a bonus.  The big point is that your suggestion is not what the OP is asking.


    \_(ツ)_/

    Friday, March 29, 2019 9:27 PM
  • Thanks Jrv :)
    Friday, March 29, 2019 9:32 PM
  • Since no one wants to provide a reasonable answer....

    The easiest way to extract all permissions on a folder and all subfolders is with "ICACLS".  It can do this and generate a report.

    ICACLS /?

    For comprehensive reports on file security there are numerous third party tools.

    For PowerShell examples look in the Gallery.


    \_(ツ)_/

    Friday, March 29, 2019 9:37 PM
  • Hi Emiwatti,

    I am currently working on similiar script to pull out permission for all FP servers

    you can use get-wmiobject win32_share and then iterate the shared folder using foreach loop.

    please find the below script, which might help you 

    $ShareList=Get-WmiObject win32_share -ComputerName $Server | Where-Object {$_.Path -like "D:\*" -and $_.Name -notlike "*$*" -and $_.Name -ne "NETLOGON" -and $_.Name -ne "SYSVOL"} | select -ExpandProperty Name
    
    foreach($Share in $ShareList)
           {
            Get-childitem "\\$Server\$Share" | where{$_.psiscontainer} |
            Get-Acl | % {
                        $path = $_.Path
                        $_.Access | 
                         % {
                            New-Object PSObject -Property `
                                @{
                                  Folder = $path.Replace("Microsoft.PowerShell.Core\FileSystem::","")
                                  Access = $_.FileSystemRights
                                  Control = $_.AccessControlType
                                  User = $_.IdentityReference
                                  Inheritance = $_.IsInherited
                                  }
                            }
                           } | select-object -Property User, Access, Folder | Export-Csv "FileLocatio\FileName.csv" -NoTypeInformation
    
            }
    Regards
    Chetan
    -----------------------------------------------------------------------------------------
    Please remember to click "Mark as Answer" on the post if your question was answered appropriately. So, it can benefit all community members who are facing similar issues.



    Thanks for the answer, but this is not exactly what I was looking for.

    I am trying to extract permissions from all the folders from \\server1\ and not the folders under \\server1\folder.

    Monday, April 1, 2019 7:43 AM

  • Thanks for the answer, but this is not exactly what I was looking for.

    I am trying to extract permissions from all the folders from \\server1\ and not the folders under \\server1\folder.

    You will have to be clear about what you are asking. A server does not have folders. A server has shares and shares can have folders. What do you want. Do you want share permissions or do you want  the permissions of all of the folders under all shares on a server?


    \_(ツ)_/

    Monday, April 1, 2019 3:38 PM