1. 技术文章
  2. NTFS permission with modify date

NTFS permission with modify date

蓝咒 提交于 2020-01-17 05:37:46

问题


I want to export NTFS permissions of folders and subfolders on the server to a CSV. It should show users and groups with permissions and last modify date of folders.

Here is what I have got so far, but it doesn't show modify date and it exports disorganize.

Get-ChildItem C:\FILES\ -Recurse | where {$_.PSIsContainer} |
  Get-Acl | % {
    $path = $_.Path
    $_.Access | % {
      New-Object PSObject -Property @{
        Folder      = $path.Replace("Microsoft.PowerShell.Core\FileSystem::", "")
        Access      = $_.FileSystemRights
        Control     = $_.AccessControlType
        User        = $_.IdentityReference
        Inheritance = $_.IsInherited
      }
    }
  } | ? {$_.Inheritance} | Export-Csv C:\Users\test_dump.csv -Force

回答1:


This is a case where using a convoluted oneliner is hurting you. An actual script is much more readable.

# set path to search
$SearchPath = 'C:\FILES'

# file for results
$ExportFile = 'C:\temp\testdump.csv'

# get list of folders
# if you're using PS v2 use | where{$_.psIsContainer} instead of -Directory to filter for directories
$FolderList = Get-ChildItem $SearchPath -Directory -Recurse

# get list of subfolders
foreach ($Folder in $FolderList) {
    $FolderACL = Get-Acl $Folder.FullName 

    # get list of access objects for each folder
    foreach ($Access in $FolderACL.Access) {

        # Filter to only show explicit permissions
        # if ($Access.IsInherited) { Return }

        # custom object to hold the access object + path + lastwrite
        $export = New-Object -TypeName PSObject -Property @{
            Folder  = $FolderACL.Path.Replace("Microsoft.PowerShell.Core\FileSystem::","")
            Access  = $Access.FileSystemRights
            Control = $Access.AccessControlType
            User    = $Access.IdentityReference
            Inheritance = $Access.IsInherited
            LastModified = $Folder.LastWriteTime
        }
        $export | Export-CSV -Path $ExportFile -NoTypeInformation -Append

    }

}

In your pipeline, you had | ? {$_.Inheritance}. This is only going to show you inherited permissions. I suspect you want the opposite. IF this is the case, uncomment the explicit permissions filter.




回答2:


Move one ForEach-Object before the Get-Acl, and use the DirectoryInfo objects for path and modification time. I'd also filter for inherited permissions before creating the objects (creating objects first and throwing them away later is a waste of resources).

$root = 'C:\files'
$csv  = 'C:\path\to\test_dump.csv'

Get-ChildItem $root -Recurse |
  Where-Object { $_.PSIsContainer } |
  ForEach-Object {
    $dir = $_
    Get-Acl $dir | Select-Object -Expand Access |
      Where-Object { $_.IsInherited } |
      ForEach-Object {
        New-Object PSObject -Property @{
          Folder       = $dir.FullName
          Access       = $_.FileSystemRights
          Control      = $_.AccessControlType
          User         = $_.IdentityReference
          Inheritance  = $_.IsInherited
          LastModified = $dir.LastWriteTime
        }
      }
  } | Export-Csv $csv -Force

If you have at least PowerShell v3 you can use Get-ChildItem -Directory instead of having to filter for $_.PSIsContainer.



来源:https://stackoverflow.com/questions/33378426/ntfs-permission-with-modify-date

标签
powershell
acl
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!