1

所以基本上我有下面的脚本,它为 NTFS 生成如下输出:

Folder Path   IdentityReference    AccessControlType     IsInherited        InheritanceFlags    PropagationFlags
E:\Folder\    DOMAIN\User1         Allow                 True/False         ContainerInherit     Object Inherit
E:\Folder\    DOMAIN\User2         Deny                  True/False         ContainerInherit     Object Inherit

Allow/Deny虽然这很有用,但如果我能得到一个指示Read/Write/Modify/FullControl标志的输出而不是我会更好。

请参阅我的以下代码,任何想法都值得赞赏!

$OutFile = "C:\Permissions.csv"
$Header = "Folder Path,IdentityReference,AccessControlType,IsInherited,InheritanceFlags,PropagationFlags"
Del $OutFile
Add-Content -Value $Header -Path $OutFile 

$RootPath = "E:\Folder"

$Folders = dir $RootPath -recurse | where {$_.psiscontainer -eq $true}

foreach ($Folder in $Folders){
    $ACLs = get-acl $Folder.fullname | ForEach-Object { $_.Access  }
    Foreach ($ACL in $ACLs){
    $OutInfo = $Folder.Fullname + "," + $ACL.IdentityReference  + "," + $ACL.AccessControlType + "," + $ACL.IsInherited + "," + $ACL.InheritanceFlags + "," + $ACL.PropagationFlags
    Add-Content -Value $OutInfo -Path $OutFile
    }}
4

2 回答 2

2

对于那些希望将其包装在函数中的人,请尝试以下操作:

Function Get-FolderPermissions {
 Param($FolderPath)

If(-not (Test-Path $FolderPath)){

    Write-Warning "$FolderPath not valid!"
    return

}

$FolderPath = $(Get-Item $FolderPath).fullname

$ACLs = Get-Acl $FolderPath | ForEach-Object { $_.Access  }

$ACLs | Select-Object @{n='FolderPath';e={$FolderPath}}, IdentityReference, AccessControlType, IsInherited, InheritanceFlags, PropagationFlags, FileSystemRights


}

然后您可以像这样导出到 CSV:

Get-FolderPermissions 'C:\Folder' | Export-Csv 'C:\Results.csv' -NoTypeInfo

或来自父文件夹的多个文件夹:

$Folders = Get-ChildItem 'C:\Folder' -recurse | where {$_.psiscontainer -eq $true}
$Folders | %{ Get-FolderPermissions $_.FullName } | Export-Csv 'C:\Results.csv' -NoTypeInfo
于 2014-06-23T13:37:19.663 回答
2

您要查找的属性是$ACL.FileSystemRights

$Header = "Folder Path,IdentityReference,AccessControlType,IsInherited," +
          "InheritanceFlags,PropagationFlags,FileSystemRights"

#...

$OutInfo = $Folder.Fullname + "," + $ACL.IdentityReference  + "," +
           $ACL.AccessControlType + "," + $ACL.IsInherited + "," +
           $ACL.InheritanceFlags + "," + $ACL.PropagationFlags + "," +
           $ACL.FileSystemRights
于 2013-03-13T20:30:28.827 回答