none
Powerschell script to get Permission "List Folder contents" RRS feed

  • Question


  • we need to retrieve the Permission as showing on the UI from the powerschell script. We are using Get-Acl function to retrieve the data. The problem is for the Permissions 'List folder contents' and 'Read & execute' on folder, the output is showing 'ReadAndExecute, Synchronize', so we can't differentiate the access. The server is 2008.

    We need to differentiate the data for analysis.


    Script:


    $Folders = gc ".\shares4.txt"
    $Output =  ".\shares4.csv"
    $Hash=@()
    foreach($Folder in $Folders)
    {

    $path = $Folder
    $acl = Get-Acl $path

    foreach($accessRule in $acl.Access)
    {

    Write-Host "   " $accessRule.IdentityReference $accessRule.FileSystemRights
    $Report = "" | Select-Object FileShare, UserAccount, IsInherited, AccessControlType,Permissions
    $Report.FileShare = $path
    $Report.UserAccount = $accessRule.IdentityReference
    $Report.IsInherited = $accessRule.IsInherited
    $Report.AccessControlType = $accessRule.AccessControlType
    $Report.Permissions = $accessRule.FileSystemRights
    $Hash+=$Report
    }
    }
    $Hash | Export-Csv $Output -NoTypeInformation

    • Moved by Bill_Stewart Friday, July 27, 2018 6:40 PM This is not "debug/fix/rewrite my script for me" forum
    Thursday, May 3, 2018 10:33 PM

All replies

  • Many permission sets are aggregates without an enum.  With enums you have to match with "-in" to test.  The GUI unpacks these for you in various ways.


    \_(ツ)_/

    Friday, May 4, 2018 12:18 AM
  • Here is the easier way to do this:

    $folders = Get-Content .\shares4.txt
    Get-Acl $folders |
        ForEach-Object{
            $Foldername = ($_.PsPath -split '::')[1]
            $_.Access | select @{n='FolderName';e={$foldername}},*
        }


    \_(ツ)_/

    Friday, May 4, 2018 1:06 AM