I’m working on a script for some fileshare auditing. Initially, I was only concerned with who was able to modify and satisfied my needs. As I’m wrapping up my work with this script I wanted to make it more generic so that it could be reused in the future for say a read permission audit. Which is where this question comes from.
In my original code I had written the below line. $path is a UNC path. Permission1 was originally hard coded to modify and permission2 was hard coded to fullcontrol. Swapping these for the following variables works no problem (as long as I defined them ahead of time, which I have).
[pre]
$identities = get-acl -Path $path | foreach {$_.access} | select filesystemrights, identityreference | where {$_.filesystemrights -like "$permission1" -or $_.filesystemrights -like "$permission2"} | select -expand identityreference
[/pre]
But if I open the door to auditing read, then I need to search for fullcontrol, modify, and also read. So I thought instead of adding a 3rd comparison, and then potentially needing this line multiple times… what if I created a list of possible values and then compared against that.
So here comes a new variable called $permissions which could be set as so. $permissions = 'modify','fullcontrol' and my new line should look something like this.
[pre]
get-acl -Path $path | foreach {$_.access} | select filesystemrights, identityreference | where {$_.filesystemrights -in $permissions} | select -expand identityreference
[/pre]
It half works. It still returns the 2 identities which match fullcontrol exactly. But it won’t return the identities that have rights of “DeleteSubdirectoriesAndFiles, Modify, Synchronize” or some combination where modify is buried in there. Is there a way to do this? Or should I just have 3 separate commands that are each written to accept 1, 2, or 3 values to -or?
Thanks
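An added example, not part of the original post: FileSystemRights is a flags enum, so -in only matches when the whole value equals a list entry, while a bitwise test finds a right that is combined with others. The function name Get-IdentityWithRight and the CONTOSO identities are hypothetical; $path and $permissions follow the post.

```powershell
# Added example: bitwise match of ACE rights against a list of wanted permissions.
function Get-IdentityWithRight {
    param(
        [Parameter(ValueFromPipeline)]
        [System.Security.AccessControl.FileSystemAccessRule]$Rule,

        [Parameter(Mandatory)]
        [System.Security.AccessControl.FileSystemRights[]]$Permissions
    )
    process {
        # Deny entries take rights away, so only Allow entries are reported.
        if ($Rule.AccessControlType -ne 'Allow') { return }

        $granted = [int]$Rule.FileSystemRights
        foreach ($p in $Permissions) {
            # Match when every bit of the wanted right is set in the granted mask.
            if (($granted -band [int]$p) -eq [int]$p) {
                $Rule.IdentityReference
                return   # one match is enough; move on to the next ACE
            }
        }
    }
}

# Constructed sample ACEs so the example runs without a file share.
$sample = @(
    New-Object System.Security.AccessControl.FileSystemAccessRule('CONTOSO\Editors', 'DeleteSubdirectoriesAndFiles, Modify, Synchronize', 'Allow')
    New-Object System.Security.AccessControl.FileSystemAccessRule('CONTOSO\Admins', 'FullControl', 'Allow')
    New-Object System.Security.AccessControl.FileSystemAccessRule('CONTOSO\Readers', 'ReadAndExecute, Synchronize', 'Allow')
    New-Object System.Security.AccessControl.FileSystemAccessRule('CONTOSO\Contractors', 'Modify', 'Deny')
)

$permissions = 'Modify', 'FullControl'

# Returns CONTOSO\Editors and CONTOSO\Admins; Readers lack the Modify bits
# and the Contractors entry is a Deny rule.
$sample | Get-IdentityWithRight -Permissions $permissions

# Against a real share, with $path as in the post:
# (Get-Acl -Path $path).Access | Get-IdentityWithRight -Permissions $permissions
```

FullControl contains every Modify bit and Modify contains every Read bit, so for a read audit `-Permissions Read` alone also returns the Modify and FullControl holders. ACEs that store generic access bits appear in FileSystemRights as bare numbers and will not match these named masks.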