Forum Discussion
calvinrafael
Aug 12, 2022 (Copper Contributor)
Get-Acl | Group Names and Permissions
Dear Friends,
I want to query groups and permissions on a certain file share path using the PowerShell script below.
It is currently working and giving the correct output.
[CmdletBinding()]
param
(
    [Parameter(Mandatory = $true)]
    [ValidateNotNullOrEmpty()]
    $FullPath,
    [Parameter(Mandatory = $false)]
    $Base64Encoded = $false
)
# Change path to the script location
$ScriptPath = $MyInvocation.MyCommand.Path
$CurrentDir = Split-Path $ScriptPath
Push-Location $CurrentDir
If ($Base64Encoded)
{
    $FullPath = [Text.Encoding]::Utf8.GetString([Convert]::FromBase64String($FullPath))
}
"$([System.Datetime]::Now.ToString("dd/MM/yy HH:mm:ss")) I am run" | Add-Content "C:\Users\3998nt\OneDrive - 3998nt\Documents\Query\Log.txt"
$Output = ""
Write-Verbose "Querying permissions applied on $FullPath ..."
Try
{
    $env:UserName | Add-Content "C:\Users\3998nt\OneDrive - 3998nt\Documents\Query\Log.txt"
    $FullPath | Add-Content "C:\Users\3998nt\OneDrive - 3998nt\Documents\Query\Log.txt"
    $Acl = (Get-Acl -Path $FullPath).Access | Select IdentityReference,FileSystemRights | Where-Object {($_.IdentityReference -ne "BUILTIN\Administrators") -and ($_.IdentityReference -ne "NT AUTHORITY\Authenticated Users") -and ($_.IdentityReference -ne "BUILTIN\Power Users") -and ($_.IdentityReference -ne "BUILTIN\Backup Operators")}
    If ($Acl -ne $null)
    {
        $Groups = $Acl.IdentityReference,$Acl.FileSystemRights
        Write-Verbose "Groups found: $($Groups -join ';')"
        Foreach ($Group in $Groups)
        {
            If (($Group -ne "BUILTIN\Administrators") -or ($Group -ne "NT AUTHORITY\Authenticated Users") -or ($Group -ne "BUILTIN\Power Users") -or ($Group -ne "BUILTIN\Backup Operators"))
            {
                If ($Output -eq "")
                {
                    $Output = $Group -replace "\\D","\G"
                }
                Else
                {
                    $Output = $Output + ";" + ($Group -replace "\\D","\G")
                }
            }
        }
    }
}
Catch
{
    Write-Host "An error occurred while querying file share permissions."
    Write-Host ($_ | ConvertTo-Json)
}
Write-Output $Output
$Output | Add-Content "C:\Users\3998nt\OneDrive - 3998nt\Documents\Query\Log.txt"
This is the actual output.
Domain\ADM_HOU_DataOp
Domain\G HOU GOMDW Dev Admin
Domain\G GOM Resource Data Management RW
Domain\G GoM Resource AREA RO
;
FullControl
FullControl
Modify, Synchronize
ReadAndExecute, Synchronize
This is the intended output.
Domain\ADM_HOU_DataOp FullControl
Domain\G HOU GOMDW Dev Admin FullControl
Domain\G GOM Resource Data Management RW Modify, Synchronize
Domain\G GoM Resource AREA RO ReadAndExecute, Synchronize
Any help provided will be much appreciated.
Thank you in advance.
- farismalaeb (Steel Contributor)
You need to use PSCustomObject. Build your object with the needed properties and assign the script output to the object. A basic example is here: https://community.spiceworks.com/topic/2321720-trying-to-write-a-ps-script-to-output-acl-of-folders
Another, slightly more complex example:
https://github.com/farismalaeb/Powershell/blob/master/Get-SharePermission/Test-ShareList.ps1
- calvinrafael (Copper Contributor)
Thank you for sharing the link. Unfortunately, I found it not helpful.
I already have the script that gives the output that I want except for the formatting.
I would prefer it to be in a table format rather than in list format.
This is the actual output.
Domain\ADM_HOU_DataOp
Domain\G HOU GOMDW Dev Admin
Domain\G GOM Resource Data Management RW
Domain\G GoM Resource AREA RO
;
FullControl
FullControl
Modify, Synchronize
ReadAndExecute, Synchronize
This is the intended output.
Domain\ADM_HOU_DataOp FullControl
Domain\G HOU GOMDW Dev Admin FullControl
Domain\G GOM Resource Data Management RW Modify, Synchronize
Domain\G GoM Resource AREA RO ReadAndExecute, Synchronize
Cheers
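
The PSCustomObject approach suggested in the thread, as an added example that is not code from any poster here: it emits one object per access rule, so each group stays on the same row as its rights instead of being split into two parallel lists. The function name Get-SharePermissionRow, the extra Type and Inherited columns, and the scratch folder used as input are assumptions for illustration.

```powershell
function Get-SharePermissionRow {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [string]$FullPath,

        # Principals to leave out; same four names the script in the question filters.
        [string[]]$Exclude = @(
            'BUILTIN\Administrators',
            'NT AUTHORITY\Authenticated Users',
            'BUILTIN\Power Users',
            'BUILTIN\Backup Operators'
        )
    )

    # Walk the access rules one at a time; identity and rights come from the same rule.
    foreach ($Rule in (Get-Acl -LiteralPath $FullPath).Access) {
        $Identity = $Rule.IdentityReference.Value
        if ($Exclude -contains $Identity) { continue }

        [PSCustomObject]@{
            Identity  = $Identity
            Rights    = $Rule.FileSystemRights.ToString()
            Type      = $Rule.AccessControlType.ToString()   # Allow or Deny
            Inherited = $Rule.IsInherited
        }
    }
}

# Constructed sample input: a scratch folder under the temp directory (hypothetical path).
$Sample = Join-Path ([IO.Path]::GetTempPath()) ("acl-demo-" + [Guid]::NewGuid())
New-Item -ItemType Directory -Path $Sample | Out-Null
try {
    $Rows = @(Get-SharePermissionRow -FullPath $Sample)

    # Table form: one row per group with its rights.
    $Rows | Format-Table -AutoSize

    # Single-string form, "Identity Rights" pairs separated by ';'.
    ($Rows | ForEach-Object { '{0} {1}' -f $_.Identity, $_.Rights }) -join ';'
}
finally {
    Remove-Item -LiteralPath $Sample -Force
}
```

When reviewing the rows, read the Type column together with Rights: a Deny rule lists rights that are withheld, not granted.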