I am trying to come up with a way to look for anomalies in file shares.
The files and subfolders should have inherited their permissions from the root, but I’m looking to see if any folders/files differ.
I can get the permissions using a simple get-acl, but I was wondering how I can compare the permissions with a subfolder?
```powershell
# gets root folder's permissions
$rootPermissions = (get-acl '\\fileserver\share1').access
$subfolders = get-childitem -recurse '\\fileserver\share1'
foreach($subfolder in $subfolders)
{
    # somehow compare?
    compare $rootpermissions with $subfolder.access
    if not a match
    {
        "$subfolder has different permission"
    }
}
```
A mixture of pseudo code there, but any suggestions on how to compare the permissions of the root to each subfolder’s?
Edit: The only 2 properties I really need to look at are IdentityReference and AccessControlType
So if root has
Accesscontroltype Identityreference
Allow domain\user1
Allow domain\user2
and sub has
Accesscontroltype Identityreference
Allow domain\user1
Allow domain\user2
Allow domain\user3
It would alert that ‘subfolder has User3’, and if, say, it was missing domain\user2, it would alert that as well.
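
One way to do the comparison the question describes, as an added example that is not part of the original post: each ACL is reduced to AccessControlType/IdentityReference pairs, and entries a child has that the root lacks (and the reverse) are reported. It goes slightly beyond the question by also flagging items with inheritance disabled; `Get-AceKey` and `Compare-ShareAcl` are hypothetical names.

```powershell
# Added example; function names are hypothetical, not from the original post.
function Get-AceKey {
    param([Parameter(Mandatory)]$Acl)
    # Reduce each ACE to "AccessControlType|IdentityReference", de-duplicated.
    $Acl.Access |
        ForEach-Object { '{0}|{1}' -f $_.AccessControlType, $_.IdentityReference } |
        Sort-Object -Unique
}

function Compare-ShareAcl {
    param([Parameter(Mandatory)][string]$Root)

    # @() keeps an empty or single-entry ACL as an array for the set tests below.
    $rootKeys = @(Get-AceKey -Acl (Get-Acl -LiteralPath $Root -ErrorAction Stop))

    # Folders that cannot be listed are skipped silently by Get-ChildItem here.
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $path = $_.FullName
            # Emits one finding row for the current item.
            $report = { param($Finding, $Entry)
                [pscustomobject]@{ Path = $path; Finding = $Finding; Entry = $Entry } }
            try {
                $acl = Get-Acl -LiteralPath $path -ErrorAction Stop
            } catch {
                & $report 'Unreadable' $_.Exception.Message
                return   # move on to the next item
            }
            $childKeys = @(Get-AceKey -Acl $acl)
            # Inheritance switched off is worth flagging even if the entries match.
            if ($acl.AreAccessRulesProtected) { & $report 'InheritanceDisabled' '' }
            $childKeys | Where-Object { $_ -notin $rootKeys }  | ForEach-Object { & $report 'Extra' $_ }
            $rootKeys  | Where-Object { $_ -notin $childKeys } | ForEach-Object { & $report 'Missing' $_ }
        }
}

# Usage with the share path from the question:
# Compare-ShareAcl -Root '\\fileserver\share1' | Format-Table -AutoSize
```

With the ACLs from the question, the subfolder would produce an `Extra` row for `Allow|domain\user3`, and a `Missing` row for `Allow|domain\user2` if that entry were absent.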