The goal of this PowerShell function is to create a report of permissions assigned to objects in Active Directory in much the same way as DsRevoke.
Continue reading ‘Get-DsAcl’ »
Posts tagged ‘acl’
The cmdlet Get-ACL is very capable when it comes to NTFS permissions, but it cannot read share permissions. This function makes an effort to provide a simple way to return share security (and other information) from a share.
Continue reading ‘Reading share security with PowerShell’ »
NTFS (File System) and Share security can be enumerated using the Win32_LogicalFileSecuritySetting and Win32_LogicalShareSecuritySetting WMI classes. This post demonstrates how to use each class to read the security descriptors.
Continue reading ‘Reading NTFS and Share security with VbScript’ »
A script to read the mailbox security descriptor from Active Directory with the intention of finding a particular user or security principal. It will not display the security descriptor, it simply displays whether or not the account is present in the access control list.
Continue reading ‘Finding a user in Exchange mailbox security’ »
This script uses WMI to enumerate each access control entry in an NTFS access control list, looking for explicit entries, that is, entries that are not inherited.
Continue reading ‘NTFS, WMI, VbScript & listing explicit rights’ »
A short script to list explicit rights assigned to a directory structure. It uses the recursive option of ls (an Alias for Get-ChildItem) to drop down through the directory structure.
Continue reading ‘NTFS, PowerShell, Get-ACL & listing explicit rights’ »