I’m working on a script that audits the NTFS security of a file server share, looks only at Explicit security, and returns a list using a reader-friendly name and permissions. Unfortunately, AD Users and AD Groups can both be assigned to NTFS security (preferably AD Groups). So when I pull the results and convert the account names (\SOMEDOMAIN\ADUSER) to a Friendly Name (ADUSER.FirstName ADUSER.LastName), Groups are ignored. Is there some PowerShell code I could incorporate to retrieve the group memberships and list the users along with their permissions?
For this script I’m using the NTFSSecurity Module:
```powershell
# This script creates a custom object from the NTFS Security on a File Share
# Only individual AD Users will be listed in the resulting csv file
$path = Read-Host "Enter UNC or local folder path"
$perms = Get-Item "$path" | Get-NTFSAccess -ExcludeInherited | ForEach-Object {
    New-Object PSObject -Property @{
        Account      = $_.Account
        # -split takes a regular expression, so the backslash is escaped
        FriendlyName = $(Get-ADUser -Identity $(($_.Account -split 'SOMEDOMAIN\\')[1])).Name
        Access       = $_.AccessRights
    }
}
$perms | Where-Object FriendlyName -ne $null | Select-Object FriendlyName,Access | Export-Csv "C:\temp\NTFSPerms.csv"
```
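One way to expand group entries into their user members, as an added example that is not part of the original post. It assumes the NTFSSecurity and ActiveDirectory (RSAT) modules on a domain-joined machine; `Expand-AceAccount`, its `Via` column and the `-NetBiosDomain` parameter are hypothetical names, and `SOMEDOMAIN` is the placeholder from the post.

```powershell
# Added example, not the poster's code. Assumes the NTFSSecurity and
# ActiveDirectory (RSAT) modules on a domain-joined machine.
function Expand-AceAccount {                      # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $Account, # e.g. SOMEDOMAIN\ADUSER
        [Parameter(Mandatory)] $Access,
        [string] $NetBiosDomain = 'SOMEDOMAIN'    # placeholder from the post
    )
    # Every row has the same shape so the CSV columns stay stable.
    function New-Row($Name, $Via) {
        [pscustomobject]@{ Account = $Account; FriendlyName = $Name; Via = $Via; Access = $Access }
    }

    # Only look up accounts from the expected domain. BUILTIN\..., local
    # accounts and well-known names are reported as-is, not dropped.
    $domain, $sam = $Account -split '\\', 2
    if ($domain -ne $NetBiosDomain -or -not $sam) {
        return New-Row $Account 'not expanded (non-domain account)'
    }

    # The AD module resolves $sam inside the single-quoted filter itself.
    $obj = Get-ADObject -Filter 'sAMAccountName -eq $sam'
    if (-not $obj) { return New-Row $Account 'unresolved in AD' }

    switch ($obj.ObjectClass) {
        'user'  { New-Row $obj.Name 'direct' }
        'group' {
            # -Recursive flattens nested groups down to their leaf members.
            $users = @(Get-ADGroupMember -Identity $obj.DistinguishedName -Recursive |
                       Where-Object objectClass -eq 'user')
            # An empty group still holds a permission, so keep it visible.
            if ($users.Count -eq 0) { New-Row '(no user members)' $obj.Name }
            foreach ($u in $users) { New-Row $u.name $obj.Name }
        }
        default { New-Row $obj.Name "not expanded ($($obj.ObjectClass))" }
    }
}

$path = Read-Host 'Enter UNC or local folder path'
Get-Item $path | Get-NTFSAccess -ExcludeInherited |
    ForEach-Object { Expand-AceAccount -Account "$($_.Account)" -Access $_.AccessRights } |
    Select-Object FriendlyName, Via, Access |
    Export-Csv 'C:\temp\NTFSPerms.csv' -NoTypeInformation
```

The `Via` column shows whether a user holds the permission directly or through the group named on the ACL; because `-Recursive` returns only leaf members, users reached through nested groups are listed under that top-level group.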