I have a project whose description is this:
1. Declare a folder and one level deep, do a search on each subfolder looking for any permission that has Deny Rights. List the folder name, the Group/user that is denied, the Permission that is denied and the Deny Writes.
2. Also, if the folder has NO Deny rights for Any Group or user, please indicate so.
Number 2 is the problem I am having, and it has more to do with tracking when the script has or hasn’t found a ‘Deny’ credential for the folder. This is what I have so far:
```powershell
#Get list of folders and acquire Access Controls lists for each folder
$acls = get-childitem .\Custom | Get-Acl

#Iterate through Each ACL
foreach ($acl in $acls) {
    #Iterate through each ACS's access control and test for any 'Deny' Right.
    foreach ($access in $acl.Access) {
        if ($access.AccessControlType -eq "Deny") {
            #IF a Deny is found, list the Name of Folder, the Access and the file system right that is denied
            $acl.pschildname
            $access.IdentityReference.value
            $access.FileSystemRights
            $access.AccessControlType
        }
    }
}
```
From this, I tried declaring a ‘Deny Toggle’ and setting it to False and if a permission was found with deny privileges, it would change that ‘Deny Toggle’ to True, but then the for loop doesn’t really give me an opportunity to report on a folder that does not have ANY deny rights. I believe I might have to consider a different method than a for-loop but this is where my experience with PowerShell is restraining me. My experience lies mostly with for-loops and if-then-else statements.
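
One way to track this per folder, as an added example that is not part of the original post: filter each folder's ACL for Deny entries first, then branch on whether any were found. The `.\Custom` path comes from the post; the output column names and the 'ACL unreadable' row are choices made for this example.

```powershell
# Added example: report Deny ACEs per subfolder, or state that a folder has none.
# Assumption: the parent folder is .\Custom, as in the post.
$root = '.\Custom'

$report = foreach ($folder in Get-ChildItem -Path $root -Directory) {
    try {
        $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop
    }
    catch {
        # An unreadable ACL gets its own row so it is not mistaken for "no Deny".
        [pscustomobject]@{
            Folder    = $folder.Name
            Identity  = $null
            Rights    = $null
            Result    = 'ACL unreadable'
            Inherited = $null
        }
        continue
    }

    # Collect the Deny entries for this folder; @() forces an array so .Count is reliable.
    $denies = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' })

    if ($denies.Count -eq 0) {
        # The "no Deny rights" case: one row per clean folder.
        [pscustomobject]@{
            Folder    = $folder.Name
            Identity  = $null
            Rights    = $null
            Result    = 'No Deny'
            Inherited = $null
        }
    }
    else {
        # One row per Deny entry, including whether it is inherited from the parent.
        foreach ($ace in $denies) {
            [pscustomobject]@{
                Folder    = $folder.Name
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Result    = 'Deny'
                Inherited = $ace.IsInherited
            }
        }
    }
}

$report | Format-Table -AutoSize
```

Because the rows are objects rather than loose strings, `$report` can also be piped to `Export-Csv` or filtered with `Where-Object Result -eq 'Deny'`.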