PowerShell: Folders ACL Parser
From Rabbi Blog
Purpose
We use AD security groups as the ACL mechanism for shared folders, and from time to time someone wants a report of who has access to what, or it is simply worth reviewing. This script reads the top-level folders under the designated $PATH, grabs each folder's ACL, then asks AD for the members of each security group (SecGrp) found on it. Output goes to a text file.
To Do
- This was a hackjob.
Code
Import-Module ActiveDirectory #provides Get-ADGroupMember (RSAT AD module)

$PATH="E:\SHARES\"
$DOMAIN="YOURDOMAIN\" #Ex: YOURDOMAIN\
#######################
#$date = get-date -Format d
$OUTPUT="ACL.txt"
write-host $OUTPUT
#start with a fresh report; do not error out if no previous report exists
Remove-Item $OUTPUT -ErrorAction SilentlyContinue
$FOLDERS=Get-ChildItem -path $PATH -Directory
foreach ($FOLDER in $FOLDERS)
{
    #FullName is the complete path regardless of PowerShell version
    $FULLPATH=$FOLDER.FullName
    write-host $FULLPATH
    Add-Content "$OUTPUT" ""
    Add-Content "$OUTPUT" "_____________________________"
    Add-Content "$OUTPUT" ""
    Add-Content "$OUTPUT" "$FULLPATH"
    $ACL_ACCESS=(Get-Acl -Path $FULLPATH).Access.IdentityReference
    foreach ($ACL in $ACL_ACCESS)
    {
        if ($ACL.Value -like '*FILEACCESS_*') #looking for specific AD SecGrps prefixes
        {
            #write-host "$ACL"
            #strip the domain prefix; -replace takes a regex, so escape the backslash
            $GROUP=$ACL.Value -replace ([regex]::Escape($DOMAIN)),""
            Add-Content "$OUTPUT" "$GROUP"
            #write-host $GROUP
            $ACCESS=Get-ADGroupMember -Identity "$GROUP" -Recursive | Select-Object -ExpandProperty Name
            foreach ($MEMBER in $ACCESS)
            {
                Add-Content "$OUTPUT" "$MEMBER"
            }
        }
    }
}
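
The script above reports only ACL entries whose name contains FILEACCESS_, so a user or group granted access directly on a folder never shows up in ACL.txt. The following is an added example, not part of the original script, that records every ACE with its rights and inheritance and lists the entries granted outside the naming convention. The variable names, the CSV file name and the built-in principal filter are assumptions.

```powershell
# Added example: audit every ACE on each top-level share folder,
# not only the FILEACCESS_* groups. Paths and names below are assumptions.
Import-Module ActiveDirectory

$SharePath   = 'E:\SHARES\'
$GroupPrefix = 'FILEACCESS_'
$Report      = 'ACL-audit.csv'

$rows = foreach ($folder in Get-ChildItem -Path $SharePath -Directory) {
    foreach ($ace in (Get-Acl -Path $folder.FullName).Access) {
        $identity = $ace.IdentityReference.Value
        $name     = ($identity -split '\\')[-1]     # drop the DOMAIN\ part if present
        $viaGroup = $name -like "$GroupPrefix*"

        # Resolve members only for convention groups; other entries are listed as-is
        $members = @()
        if ($viaGroup) {
            try {
                $members = @(Get-ADGroupMember -Identity $name -Recursive -ErrorAction Stop |
                    Select-Object -ExpandProperty Name)
            } catch {
                $members = @("<lookup failed: $($_.Exception.Message)>")
            }
        }

        [pscustomobject]@{
            Folder    = $folder.FullName
            Identity  = $identity
            Rights    = $ace.FileSystemRights
            Type      = $ace.AccessControlType     # Allow or Deny
            Inherited = $ace.IsInherited
            ViaGroup  = $viaGroup                  # $false = granted outside the convention
            Members   = $members -join '; '
        }
    }
}

$rows | Export-Csv -Path $Report -NoTypeInformation

# Entries outside the convention, minus common built-in principals, for manual review
$rows |
    Where-Object { -not $_.ViaGroup -and
                   $_.Identity -notmatch '^(BUILTIN|NT AUTHORITY)\\|^CREATOR OWNER$' } |
    Format-Table Folder, Identity, Rights, Type, Inherited -AutoSize
```

Rows with Inherited set to False and ViaGroup set to False are explicit grants made on the folder itself, which are the ones most likely to have bypassed the group-based process.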