PowerShell - NTFS Permissions report

The PowerShell script below provides NTFS permissions report for folders. It includes Path, Identity, Rights and Owner information. Also it has a note if permissions are inherited or not. The script contains some limitations (path over 260 in lengths and some special characters) but in most cases I found it very useful. Especially if you need some quick overview of permissions.

# Start of Script
[CmdletBinding()]
Param(
[Parameter(Mandatory=$True)]
[ValidateNotNull()]
[String]$path,
[Parameter(Mandatory=$False)]
[ValidateNotNull()]
[String]$Depth
)
if ($Depth) {
$start = 1
$fpath = @()
for ($i=$start; $i -le $Depth; $i++) {
$Levels = "\*" * $i
$fpath += $path+$Levels
}
$fpath = Get-ChildItem $fpath | where {$_.PSIsContainer -like "True"}
foreach ($folder in $fpath) {
$acl = Get-Acl $folder.fullname
foreach($accessRule in $acl.Access)
{
$Rights = $accessRule.FileSystemRights
$Properties = @{"Path"=$folder.fullname;
"Identity"=$accessRule.IdentityReference;
"Rights"=$Rights;
"Owner" = $acl.owner;
"Inherited"=$accessRule.IsInherited}
$Obj = New-Object -TypeName PSObject -Property $Properties
Write-Output $Obj | select Path,Identity,Rights,Owner,Inherited
}}}
else {$spath = Get-ChildItem $path -Recurse | where {$_.PSIsContainer -like "True"}
foreach ($folder in $spath) {
$acl = Get-Acl $folder.fullname
foreach($accessRule in $acl.Access)
{
$Rights = $accessRule.FileSystemRights
$Properties = @{"Path"=$folder.fullname;
"Identity"=$accessRule.IdentityReference;
"Rights"=$Rights;
"Owner" = $acl.owner;
"Inherited"=$accessRule.IsInherited}
$Obj = New-Object -TypeName PSObject -Property $Properties
Write-Output $Obj | select Path,Identity,Rights,Owner,Inherited
}}}
# End of Script

Usage examples:
# Get NTFS permissions report for folder C:\Test
.\Get-NTFSPermissions.ps1 -path C:\Test

# Get the same report as above but only 2 folders in depth
.\Get-NTFSPermissions.ps1 -path C:\test -Depth 2

No comments:

Post a Comment

(c) 2016 www.fedenko.info - Vyacheslav Fedenko