So I’ve been playing around with this script to audit file server folder ACLs, and it works great; it is just returning too much data. What I was hoping I could do is filter out the folders that have no special permissions beyond those of the parent folder. I think this would help me reduce the number of entries in my table and allow me to manipulate it into something more readable… Basically, just return ACL info on the parent folder and any special permissions on child objects that are not inherited from the parent.
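# Audits folder ACLs under $StartPath and writes one row per access-control
# entry (ACE) to a SQL Server table.

# Connection string as posted (server details removed). Fill in the server and
# database here; integrated (Windows) authentication avoids keeping a SQL login
# password in this file.
$connectionString = "Server=;"

# Target table. It is interpolated into the INSERT text because identifiers
# cannot be bound as parameters, so keep it a fixed value set here.
$tableName = "FilePermissions"

# Root of the share to audit.
$StartPath = "E:\Share"

# $false: record every ACE on every subfolder (the original behaviour).
# $true:  record the full ACL of $StartPath itself, then only the ACEs that are
#         set explicitly (IsInherited is false) on its subfolders.
$explicitOnly = $false

# Runs one non-query SQL statement.
#   $query      - statement text; values belong in @name placeholders.
#   $parameters - optional hashtable of placeholder name (without '@') to value.
# Returns the affected-row count from ExecuteNonQuery().
function WriteSQL ($query, $parameters = @{})
{
    # $debug is not set anywhere in this script; set it in the session to echo
    # each statement.
    if ($debug -eq $true) { Write-Host $query }

    $connection = New-Object System.Data.SqlClient.SqlConnection
    $connection.ConnectionString = $connectionString
    try {
        $connection.Open()
        $command = New-Object System.Data.SqlClient.SqlCommand
        $command.Connection = $connection
        $command.CommandText = $query
        foreach ($name in $parameters.Keys) {
            $value = $parameters[$name]
            if ($null -eq $value) { $value = [System.DBNull]::Value }
            [void]$command.Parameters.AddWithValue("@$name", $value)
        }
        $command.ExecuteNonQuery()
    }
    finally {
        # Release the connection even when Open() or the INSERT throws.
        $connection.Dispose()
    }
}

# Writes one row per ACE of $folder. When $skipInherited is true, ACEs that are
# inherited from the parent are left out.
function SaveFolderAcl ($folder, $skipInherited)
{
    try {
        # Same call as the original (Windows PowerShell / .NET Framework).
        $acl = $folder.GetAccessControl()
    }
    catch {
        # A folder whose ACL cannot be read gets no rows in the table; the
        # warning is the only trace of it, so review these after an audit run.
        Write-Warning "Could not read ACL of $($folder.FullName): $($_.Exception.Message)"
        return
    }

    $type = if ($folder.PSIsContainer -eq $true) { 'D' } else { 'F' }

    # Folder and account names are chosen by whoever can write to the share, so
    # they are bound as parameters instead of being pasted into the SQL text;
    # a name containing an apostrophe would otherwise break or alter the INSERT.
    $insert = "INSERT INTO $tableName (servername,fullpath,type,owner,trustee,inherited,inheritanceflags,aceflag,acetype,accessmasks) " +
              "VALUES (@servername,@fullpath,@type,@owner,@trustee,@inherited,@inheritanceflags,@aceflag,@acetype,@accessmasks)"

    foreach ($ace in $acl.Access) {
        if ($skipInherited -and $ace.IsInherited) { continue }

        # Values are sent as strings, as the original string-built INSERT did.
        WriteSQL $insert @{
            servername       = [string]$strComputer
            fullpath         = [string]$folder.FullName
            type             = $type
            owner            = [string]$acl.Owner
            trustee          = [string]$ace.IdentityReference
            inherited        = [string]$ace.IsInherited
            inheritanceflags = [string]$ace.InheritanceFlags
            aceflag          = [string]$ace.PropagationFlags
            acetype          = [string]$ace.AccessControlType
            accessmasks      = [string]$ace.FileSystemRights
        }
    }
}

# Errors (for example access denied while enumerating) are reported and the
# scan continues.
$ErrorActionPreference = "Continue"
$strComputer = $env:ComputerName

# The original wrapped the scan in a loop over every filesystem drive without
# using the drive, so $StartPath was scanned, and every row inserted, once per
# drive. The share is scanned once here.
if ($explicitOnly) {
    SaveFolderAcl (Get-Item -LiteralPath $StartPath) $false
}
Get-ChildItem -LiteralPath $StartPath -Recurse -Directory |
    ForEach-Object { SaveFolderAcl $_ $explicitOnly }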