Home > Mobile >  Export Explicit ACL Permissions
Export Explicit ACL Permissions

Time:03-05

I am working on a Windows Server File Security project, and need the explicit ACL permissions for our " O:" and all of the subfolders. I am wanting to export it to an CSV for easy formatting. I am looking for a Powershell script that can list the folder name and the Security Group or User that has access to that folder.

$rootpath = "O:\ADSMO"
$outfile = "ExplicitACLs.txt" 
 
New-Variable acl 
 
$Report = @" 
Explicit permissions on folders under parent $rootpath. 
 
"@ 
 
$Report | out-file -Encoding ASCII -FilePath $outfile 
 
Get-ChildItem -Recurse $rootpath -Exclude "*.*" | Where-Object {$_.PSisContainer } | ForEach-Object { 
$acl = Get-Acl -Path $_.FullName 
$access = $acl.access 
if ( $access | Where-Object { $_.IsInherited -eq $False }) { 
    Add-Content -Path $outfile $_ 
    $access | Where-Object { $_.IsInherited -eq $False } | ForEach-Object { 

        $i = $_.IdentityReference 
    $t = "`t"
    $r = $_.FileSystemRights
    $c = "$i" "$t" "$t" "$t" "$r"

        Add-Content -Path $outfile $c
    } 
    Add-Content -Path $outfile "" 
    } 
Clear-Variable acl 
Clear-Variable access 
} 
Add-Content -Path $outfile "" 

CodePudding user response:

Seems like you're trying to build a CSV manually, which is definitely not recommended. You can use Export-Csv to export your report to CSV. From what I'm seeing, your code could be simplified to this:

Get-ChildItem O:\ADSMO -Directory -Recurse | ForEach-Object {
    foreach($access in (Get-Acl $_.FullName).Access) {
        # if `IsInherited = $true` go to next iteration
        if($access.IsInherited) { continue }

        [pscustomobject]@{
            FolderName        = $_.Name
            FolderPath        = $_.FullName
            IdentityReference = $access.IdentityReference
            FileSystemRights  = $access.FileSystemRights
        }
    }
} | Export-Csv 'C:\path\to\acls.csv' -NoTypeInformation
  • Related