Created
November 3, 2023 09:54
ListUserRightsFolder.ps1 vous permet d'auditer vos répertoires afin d'obtenir la liste complète des utilisateurs et de leurs droits sur les répertoires. Utilisation : .\Get-FolderACL.ps1 -Path CheminLocal_OuReseau | ConvertTo-HTML | Out-File c:\resultat.html
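<#
.Synopsis
   Lists every access-control entry (ACE) on a folder, expanding groups of the
   current domain into their member users.
.DESCRIPTION
   For the folder given by -Path (and, with -Recurse, every sub-folder) the script
   reads the ACL and emits one row per ACE and resolved user with the columns
   Path, Group, User, FileSystemRights, AccessControlType, Inherited.
   All rights are reported, not only write access; filter on FileSystemRights /
   AccessControlType afterwards if only a subset matters.

   -Recurse : The Recurse option allows you to browse also the subdirectories

   The variable $ListExclusion allows to give groups to be excluded from the result
   (Example: Admins Domain). Excluded identities do not appear in the report at all,
   so keep the list short and review it before trusting the output.

   Requires the ActiveDirectory module (Get-ADDomain, Get-ADObject,
   Get-ADGroupMember, Get-ADUser).

   The resulting report shows who can access what; store it where only the people
   who need it can read it.

   Geo Holz https://blog.jolos.fr
.EXAMPLE
   Access.ps1 -Path "PATH_TO_DIRECTORY" -Recurse
#>
[CmdletBinding()]
Param (
    [ValidateScript({Test-Path $_ -PathType Container})]
    [Parameter(Mandatory=$true)]
    [string]$Path,
    [switch]$Recurse
)

# Builds one report row. A fresh object is created per call so that a failed
# lookup can never cause a previous row to be emitted a second time.
function New-AclRow
{
    Param ($FolderPath, $Group, $User, $Ace)

    $Row = New-Object PSObject -Property @{
        Path              = $FolderPath
        Group             = $Group
        User              = $User
        FileSystemRights  = $Ace.FileSystemRights
        AccessControlType = $Ace.AccessControlType
        Inherited         = $Ace.IsInherited
    }
    # Select-Object fixes the column order (hashtable order is not guaranteed).
    $Row | Select-Object Path,Group,User,FileSystemRights,AccessControlType,Inherited
}

# Identities (DOMAIN\name) that are left out of the report.
$ListExclusion = "local.local\domain admins", "local.local\other_group_to_exclude"

Write-Verbose "$(Get-Date): Script begins!"
Write-Verbose "Getting domain name..."
$Domain = (Get-ADDomain).NetBIOSName

Write-Verbose "Getting ACLs for folder $Path"
If ($Recurse)
{
    Write-Verbose "...and all sub-folders"
    Write-Verbose "Gathering all folder names, this could take a long time on bigger folder trees..."
    # Get-ChildItem returns only the children, so the root folder is added
    # explicitly; otherwise its own ACL would be missing from a recursive audit.
    $Folders = @(Get-Item -Path $Path) + @(Get-ChildItem -Path $Path -Recurse | Where-Object { $_.PSIsContainer })
}
Else
{
    $Folders = @(Get-Item -Path $Path)
}

Write-Verbose "Gathering ACL's for $($Folders.Count) folders..."
ForEach ($Folder in $Folders)
{
    Write-Verbose "Working on $($Folder.FullName)..."
    $ACLs = Get-Acl $Folder.FullName | ForEach-Object { $_.Access }

    ForEach ($ACL in $ACLs)
    {
        # Compare on the string value rather than on the IdentityReference object.
        $Identity = $ACL.IdentityReference.Value
        If ($ListExclusion -contains $Identity) { Continue }

        $Parts = $Identity.Split("\")
        If ($Parts.Count -ge 2 -and $Parts[0].ToUpper() -eq $Domain.ToUpper())
        {
            # Principal of the current domain: resolve it through Active Directory.
            $Name = $Parts[1]
            If ((Get-ADObject -Filter 'SamAccountName -eq $Name').ObjectClass -eq "group")
            {
                $Members = @(Get-ADGroupMember $Name -Recursive | Select-Object -ExpandProperty Name)
                If ($Members.Count -eq 0)
                {
                    # Empty group, or member expansion failed: still report the
                    # ACE so the grant does not disappear from the audit.
                    New-AclRow -FolderPath $Folder.FullName -Group $Name -User "" -Ace $ACL
                }
                ForEach ($User in $Members)
                {
                    New-AclRow -FolderPath $Folder.FullName -Group $Name -User $User -Ace $ACL
                }
            }
            Else
            {
                # Not a group. Objects Get-ADUser cannot resolve (e.g. a computer
                # account) fall back to the raw identity instead of losing the row.
                $UserName = $Identity
                Try
                {
                    $UserName = Get-ADUser $Name -ErrorAction Stop | Select-Object -ExpandProperty Name
                }
                Catch
                {
                    Write-Verbose "Could not resolve $Identity as an AD user; reporting the raw identity"
                }
                New-AclRow -FolderPath $Folder.FullName -Group "" -User $UserName -Ace $ACL
            }
        }
        Else
        {
            # Everything that is not a principal of the current domain is reported
            # as-is. This includes identities without a backslash (well-known
            # principals such as Everyone, or SIDs that no longer resolve), which
            # are often the entries an access review most needs to see.
            New-AclRow -FolderPath $Folder.FullName -Group "" -User $Identity -Ace $ACL
        }
    }
}
Write-Verbose "$(Get-Date): Script completed!"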
Work with Dashimo :
# Run the audit script and keep its rows; "....PATH..." is a placeholder for the folder to audit.
$TestRR = .\ListUser.ps1 -Path ....PATH...
# Render the rows as an HTML dashboard written to .\testdash.html
# (-Show presumably opens the file once it is generated - confirm against Dashimo).
Dashboard -Name "Dashboard" -FilePath .\testdash.html -Show {
# One table over all rows, 100 rows per page.
Table -DataTable $TestRR -PagingLength 100 {
# Colour-code the ACE type: Allow entries in green, Deny entries in red.
TableConditionalFormatting -Name 'AccessControlType' -ComparisonType string -Operator eq -Value 'Allow' -Color Green
TableConditionalFormatting -Name 'AccessControlType' -ComparisonType string -Operator eq -Value 'Deny' -Color Red
# Group the rows on the 'Group' column.
New-TableRowGrouping -Name 'Group' -Color black -BackgroundColor LightBlue
}
}