«
»

A short script to list explicit rights assigned to a directory structure. It uses the recursive option of ls (an Alias for Get-ChildItem) to drop down through the directory structure.

There are lots of little programs around that can do exactly the same thing, probably quite a few more efficiently than this.

The match is not case sensitive. If the value for $SecurityPrincipal is left blank the script will return all explicitly assigned rights.

# Uses match, either a specific user / group or blank for all explicit rights
$SecurityPrincipal = "chris"
# The starting point
$BasePath = "C:\"

# An array to hold the data returned
$ExplicitRights = @()
ForEach ($DirEntry in (ls -r $BasePath)) {
  # Add an entry to the report where it matches the criteria set in the ? pipe

  $ExplicitRights += (Get-ACL -Path $DirEntry.FullName).Access `
    | Select-Object @{n="Path";e={($DirEntry.FullName)}}, `
      FileSystemRights,IsInherited,IdentityReference `
    | ?{ ((($_.IdentityReference.Value) -match $SecurityPrincipal) -and `
      ($_.IsInherited -eq $False))}
}
# Write the array to the screen. Piping into Export-CSV should work as well
$ExplicitRights

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

This entry was posted by Chris on October 22, 2008 at 12:50 pm under PowerShell. Tagged , , , , . You can leave a response, or trackback from your own site. Follow any responses to this entry through the RSS 2.0 feed.

One Comment

  1. Anon says:

    Thanks for the script.
    One improvement would be to only add entries to the ExplicitRights array when it matches the criteria. At the moment it still adds a NULL entry for every DirEntry that does not match (which also stops Export-CSV from working), which may slow down processing with thousands of files.

    November 22, 2011, 1:27 pm

Leave a Reply