NTFS, PowerShell, Get-ACL & listing explicit rights

Posted by Chris on October 22, 2008 in PowerShell | Tags :, , , ,

A short script to list explicit rights assigned to a directory structure. It uses the recursive option of ls (an Alias for Get-ChildItem) to drop down through the directory structure.

There are lots of little programs around that can do exactly the same thing, probably quite a few more efficiently than this.

The match is not case sensitive. If the value for $SecurityPrincipal is left blank the script will return all explicitly assigned rights.

# Uses match, either a specific user / group or blank for all explicit rights
$SecurityPrincipal = "chris"
# The starting point
$BasePath = "C:\"

# An array to hold the data returned
$ExplicitRights = @()
ForEach ($DirEntry in (ls -r $BasePath)) {
  # Add an entry to the report where it matches the criteria set in the ? pipe

  $ExplicitRights += (Get-ACL -Path $DirEntry.FullName).Access `
    | Select-Object @{n="Path";e={($DirEntry.FullName)}}, `
      FileSystemRights,IsInherited,IdentityReference `
    | ?{ ((($_.IdentityReference.Value) -match $SecurityPrincipal) -and `
      ($_.IsInherited -eq $False))}
}
# Write the array to the screen. Piping into Export-CSV should work as well
$ExplicitRights

Related posts:

  1. Get-DsAcl The goal of this PowerShell function is to create a...
  2. Limit recursion depth with Get-ChildItem A PowerShell function that allows directory recursion to a specified...

Related posts brought to you by Yet Another Related Posts Plugin.

Respond to this post