Logging output of New-Object

by injector at 2012-12-21 13:31:05

I have the following code which will add Administrators full permissions to one of our shares recursively, however when it does this it does not give me any success or failure notices, I would like to add some logging to it so i can later review and see what files did not take the permissions.

$FilesAndFolders = gci "Z:" -recurse | % {$.FullName}
foreach($FileAndFolder in $FilesAndFolders)
{
#using get-item instead because some of the folders have '[' or ']' character and Powershell throws exception trying to do a get-acl or set-acl on them.
$item = gi -literalpath $FileAndFolder
$acl = $item.GetAccessControl()
$permission = "administrators","FullControl","Allow"
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
$acl.SetAccessRule($rule)
$item.SetAccessControl($acl)
}



Any ideas on how I could accomplish this would be greatly appreciated.
by nohandle at 2012-12-22 02:50:55
If the permissions are not written successfully you receive an exception. use try catch [exception type](exceptions are described here.) If you don’t recieve any the permissions were written successfully.

[quote="injector"]Â #using get-item instead because some of the folders have ‘[’ or ‘]’ character and Powershell throws exception trying to do a get-acl or set-acl on them.[/quote]
On related note, on interactive session the [] wildcards can be escaped by ```` (only necessary for the starting bracket [) if you provide normal (not literal) path. But is does not seem to work for the set-acl cmdlet. Fortunately in Powershell 3.0 there is Literal path parameter on both cmdlets.
by injector at 2012-12-28 05:30:06
So would something like this work to output the exception to the screen as well as an output file?

CLS
Try {

$FilesAndFolders = gci "Z:" -recurse | % {$
.FullName}
foreach($FileAndFolder in $FilesAndFolders)
{
#using get-item instead because some of the folders have '[' or ']' character and Powershell throws exception trying to do a get-acl or set-acl on them.
$item = gi -literalpath $FileAndFolder
$acl = $item.GetAccessControl()
$permission = "administrators","FullControl","Allow"
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
$acl.SetAccessRule($rule)
$item.SetAccessControl($acl)
}
}

Catch [System.Exception]
{

Write-Host "Excemption caught, Saved to log"
Write-Host $
Write-Host $
| Out-File z:\Permissions.log -width 120

}
by nohandle at 2012-12-28 07:04:15
If any exception is raised, the foreach is terminated and the rest of the files is not processed in this case. Try to rethink the flow and post updated code. :slight_smile:

notes:
The last error is stored in $error[0].

If you want to save every terminating exception in the current scope to file, using trap {<#save error[0] to log#>
break}
is the easiest solution.