Exclude specific users when listing Windows folder permissions in PowerShell

Time:09-17

I'm trying to list all users who have access to a specific directory and the subfolders in this directory.

I've found this website that shows me how to do this pretty well. But I want to modify this script slightly so I can exclude certain built-in Windows users from the output.

So I found another link on StackOverflow that shows how to exclude a list of users from the results. But when I add the -notmatch to the existing PS script, the Group/User changes from the actual username to True or False for some reason.

What can I do to have this script filter out the users in the $ignore variable and have the Group/User show the username?

$ignore = @('BUILTIN\Administrators','CREATOR OWNER')
$ExcludeUsersRegex = ($ignore | % { [regex]::Escape($_) }) -join '|'

$FolderPath = Get-ChildItem -Directory -Path "D:\MSSQL" -Recurse -Force
$Output = @()
ForEach ($Folder in $FolderPath) {
    $Acl = Get-Acl -Path $Folder.FullName
    ForEach ($Access in $Acl.Access) {
        $Properties = [ordered]@{'Folder Name'=$Folder.FullName;'Group/User'=$Access.IdentityReference -notmatch $ExcludeUsersRegex;'Permissions'=$Access.FileSystemRights;'Inherited'=$Access.IsInherited}
        #$Properties = [ordered]@{'Folder Name'=$Folder.FullName;'Group/User'=$Access.IdentityReference;'Permissions'=$Access.FileSystemRights;'Inherited'=$Access.IsInherited}
        $Output += New-Object -TypeName PSObject -Property $Properties
    }
}
$Output | Out-GridView

CodePudding user response:

You can filter at the loop level, so undesirable users aren't iterated through the loop.

ForEach($Access in ($Acl.Access|Where{$_.IdentityReference -notmatch $ExcludeUsersRegex})) {

That filters out the accesses that match a specific user name.
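The loop-level filter from the answer applied to the whole script, as an added example that is not part of the original question or answer. The function name Get-FolderAccessReport, its parameters, the CONTOSO account names in the comment and the temporary demo folder are assumptions made for illustration; the regex is additionally anchored so that an excluded name cannot hide a longer account name that merely contains it.

```powershell
# Added example: Get-FolderAccessReport and its parameters are hypothetical names.
function Get-FolderAccessReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string[]] $Ignore = @('BUILTIN\Administrators', 'CREATOR OWNER')
    )

    # Escape each name, then anchor the alternation so only exact identities are
    # excluded. Unanchored, ignoring 'CONTOSO\svc' (constructed name) would also
    # drop 'CONTOSO\svc_backup' from the report.
    $escaped      = $Ignore | ForEach-Object { [regex]::Escape($_) }
    $excludeRegex = '^(?:' + ($escaped -join '|') + ')$'

    Get-ChildItem -Directory -Path $Path -Recurse -Force | ForEach-Object {
        $folder = $_
        (Get-Acl -Path $folder.FullName).Access |
            # Filter the ACEs here; the comparison result is never stored,
            # so 'Group/User' keeps the account name instead of True/False.
            Where-Object { $_.IdentityReference.Value -notmatch $excludeRegex } |
            ForEach-Object {
                [pscustomobject]@{
                    'Folder Name' = $folder.FullName
                    'Group/User'  = $_.IdentityReference.Value
                    'Permissions' = $_.FileSystemRights
                    'Inherited'   = $_.IsInherited
                }
            }
    }
}

# Constructed sample input: a throwaway folder tree under the user's temp directory.
$root = Join-Path $env:TEMP ('acl-demo-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path (Join-Path $root 'Data\Logs') -Force | Out-Null

Get-FolderAccessReport -Path $root | Format-Table -AutoSize

Remove-Item -Path $root -Recurse -Force
```

Emitting objects to the pipeline also avoids rebuilding the $Output array on every iteration; pipe the result to Out-GridView or Export-Csv as needed.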
