    Need help with powershell

      scottalanmiller

      Tagged with PowerShell. Surprised no one has jumped on this yet.

        dafyre

        The Script you have gives you the path with ANY permissions that aren't inherited. Using the Get-ACL, it looks at anything that has permissions assigned to the folder. So it's looking in there and telling you "This path has somebody with permissions that are not inherited."

        I take it the question you are wanting to answer is: WHO has permissions that are not inherited?

          wrx7m

          I could benefit from this. A simple ACL auditing script could come in handy.

            dafyre

            GitHub link: https://github.com/dafyre/PoweshellScripts/blob/master/folderInheritance.ps1

            <#
            .SYNOPSIS
              File / Folder Auditing script to determine which users have permissions that are *NOT* inherited.
            
            .DESCRIPTION
               Date UpdatedBy Details
               08/10/2017 BW  Initial coding.
            #>
            
            $path="C:\TEMP"
            $outFile="myFolderInheritance.csv"
            
            $nonInherited=new-object System.Collections.ArrayList
            
            # Read every folder's ACL. User and IsInherited are parallel arrays, one entry per ACE.
            # -contains keeps a folder when any ACE is not inherited; with -eq the filter returns
            # the matching elements, and a single $false result evaluates as false.
            $folders=dir $path -Directory -recurse|get-acl|
            select @{Label='Path';Expression={$_.PSPath.replace("Microsoft.PowerShell.Core\FileSystem::","")}},
            @{Label='User';Expression={$_.Access.identityReference}},
            @{Label='IsInherited';Expression={$_.Access.IsInherited}}|
            where {$_.IsInherited -contains $false}
            
            foreach ($item in $folders) {
             $pass=0
             write-host "Checking folder $($item.path)"
             foreach ($user in $item.user) {
              # One line per ACE: Folder, User, IsInherited
              $x=$noninherited.add("$($item.Path), $($user),$($item.IsInherited[$pass])")
              # "$pass=$pass++" leaves $pass at 0, so every user got the first ACE's flag
              $pass++
             }
            }
            
            $nonInherited|out-file -FilePath $outFile
            
            write-host "Done."
            
              dafyre

              The Above script outputs a csv file (named myFolderInheritance.csv) that looks something like the following when run against C:\Program Files... (this is just a snippet)

              C:\Program Files\Internet Explorer, CREATOR OWNER,False
              C:\Program Files\Internet Explorer, NT AUTHORITY\SYSTEM,False
              C:\Program Files\Internet Explorer, NT AUTHORITY\SYSTEM,False
              C:\Program Files\Internet Explorer, BUILTIN\Administrators,False
              C:\Program Files\Internet Explorer, BUILTIN\Administrators,False
              C:\Program Files\Internet Explorer, BUILTIN\Users,False
              C:\Program Files\Internet Explorer, BUILTIN\Users,False
              C:\Program Files\Internet Explorer, NT SERVICE\TrustedInstaller,False
              C:\Program Files\Internet Explorer, NT SERVICE\TrustedInstaller,False
              C:\Program Files\Internet Explorer, APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES,False
              C:\Program Files\Internet Explorer, APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES,False
              C:\Program Files\Internet Explorer, APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES,False
              C:\Program Files\Internet Explorer, APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES,False
              
                EddieJennings @scottalanmiller

                @scottalanmiller said in Need help with powershell:

                Tagged with PowerShell. Surprised no one has jumped on this yet.

                I did not have time yesterday to research an answer. 🙂

                  stess @dafyre

                  This works to a certain extent for what I am looking for, but it needs some tweaking to work the way I am expecting the result.
                  Thanks!

                    dafyre @stess

                    How are you wanting the result to look?

                      stess @dafyre

                      The script doesn't appear to be showing false on non-inheritance. There is either True or False for every member of the folder regardless of their inheritance.

                      I am looking into this post right now as it was brought up in Spiceworks.
                      It shows the result I am hoping for where non-inheritance = false and inherited = true.

                        dafyre @stess

                        Ah, okay. I thought you wanted to only see the ones where Inherited=False...

                        So you want to see everything, and whether or not it is inherited?

                        Edit: Also for the CSV File generated, the layout is

                        Folder, User, Is Inherited 
                        

                        Is Inherited is True or False.
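
An added example, not code from any poster in this thread: one way to get the "Folder, User, Is Inherited" layout with every ACE listed and its own True/False flag, by emitting one object per access rule instead of indexing parallel arrays. The function name `Get-FolderAceReport`, the `AceReportDemo` folder under `$env:TEMP`, and the extra `Rights`, `Type` and `InheritanceDisabled` columns are assumptions made for the demonstration.

```powershell
# Added example (not from the thread). Get-FolderAceReport is a hypothetical name.
function Get-FolderAceReport {
    param([Parameter(Mandatory)][string]$Path)

    Get-ChildItem -LiteralPath $Path -Directory -Recurse | ForEach-Object {
        $folder = $_.FullName
        try {
            $acl = Get-Acl -LiteralPath $folder -ErrorAction Stop
        } catch {
            # Report folders whose ACL cannot be read instead of dropping them quietly
            Write-Warning "Cannot read ACL on ${folder}: $($_.Exception.Message)"
            return   # inside ForEach-Object this moves on to the next folder
        }
        foreach ($ace in $acl.Access) {
            # One object per ACE keeps each user and its inheritance flag together
            [pscustomobject]@{
                Folder              = $folder
                User                = $ace.IdentityReference.Value
                Rights              = $ace.FileSystemRights
                Type                = $ace.AccessControlType
                IsInherited         = $ace.IsInherited
                InheritanceDisabled = $acl.AreAccessRulesProtected
            }
        }
    }
}

# Constructed demo tree: "explicit" gets one ACE set directly, "plain" only inherits.
$root   = Join-Path $env:TEMP 'AceReportDemo'
$target = Join-Path $root 'explicit'
New-Item -ItemType Directory -Force -Path (Join-Path $root 'plain'), $target | Out-Null

# S-1-5-32-545 is the well-known SID for BUILTIN\Users (avoids localized group names)
$users = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-545')
$rule  = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $users, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl = Get-Acl -LiteralPath $target
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $target -AclObject $acl

$report = Get-FolderAceReport -Path $root
# Export-Csv writes a header row and quotes fields, so commas in paths stay intact
$report | Export-Csv -Path (Join-Path $root 'myFolderInheritance.csv') -NoTypeInformation
# Only the directly assigned entries: who has non-inherited permissions, and where
$report | Where-Object { -not $_.IsInherited } | Format-Table Folder, User, Rights
```

An `InheritanceDisabled` value of True marks a folder whose ACL no longer inherits from its parent, which is usually the first thing to review in a permissions audit.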
