-
-
Save irwins/70aec4ef750c21d1fff776cfb7d4d6a4 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Flags()] Enum AccessMask{ | |
| Read = 1 | |
| Write = 2 | |
| Append = 4 | |
| ReadExtendedAttributes = 8 | |
| WriteExtendedAttributes = 16 | |
| Execute = 32 | |
| DeleteDirectory = 64 | |
| ReadAttributes = 128 | |
| WriteAttributes = 256 | |
| Delete = 65536 | |
| ReadSecurity = 131072 | |
| WriteACL = 262144 | |
| WriteOwner = 524288 | |
| Synchronize = 1048576 | |
| } | |
| class aclsFolder{ | |
| [String]$Folder | |
| [String]$SDDL | |
| [String]$Owner | |
| [PSObject[]]$Access | |
| [PSObject[]]$ActionHistory | |
| #Default Constructor | |
| aclsFolder($fldr){ | |
| if(Test-Path -Path $fldr){ | |
| $this.Folder = $fldr | |
| $Tags = @('Default','Constructor','valid') | |
| $MessageData = "Path $($fldr) found" | |
| $this.ActionHistory += Write-Information -MessageData $MessageData 6>&1 -Tags $Tags | Select-Object * | |
| $this.Backup() | |
| } | |
| else{ | |
| $Tags = @('Default','Constructor','invalid') | |
| $MessageData = "Path $($fldr) not found" | |
| $this.ActionHistory += Write-Information -MessageData $MessageData 6>&1 -Tags $Tags | Select-Object * | |
| } | |
| } | |
| #Methods | |
| Backup(){ | |
| if(Test-Path $this.Folder){ | |
| $result = Get-Acl $this.Folder | |
| $this.SDDL = $result.Sddl | |
| $this.Owner = $result.Owner | |
| $this.Access = $($result.Access | Select-Object File*,Access*,Identity*,IsInherited,*Flags) | |
| $Tags = @('Backup','Success') | |
| $MessageData = "Backup SDDL of $($this.Folder) was successful" | |
| $this.ActionHistory += Write-Information -MessageData $MessageData 6>&1 -Tags $Tags | Select-Object * | |
| } | |
| else{ | |
| Write-Warning "Invalid Path $($this.Folder)" | |
| $Tags = @('Backup','Failed') | |
| $MessageData = "Backup SDDL of $($this.Folder) has failed" | |
| $this.ActionHistory += Write-Information -MessageData $MessageData 6>&1 -Tags $Tags | Select-Object * | |
| } | |
| } | |
| Restore(){ | |
| if((Test-Path $this.Folder) -and | |
| ![string]::isNullOrEmpty($this.SDDL) -and | |
| [Security.AccessControl.RawSecurityDescriptor]$this.SDDL){ | |
| $acl = Get-Acl -Path $this.Folder | |
| $acl.SetSecurityDescriptorSddlForm($this.SDDL) | |
| Set-Acl -Path $($this.Folder) -AclObject $($acl) | |
| $Tags = @('Restore', 'Success') | |
| $MessageData = "Restoring SDDL on $($this.Folder) was succesful" | |
| $this.ActionHistory += Write-Information -MessageData $MessageData 6>&1 -Tags $Tags | Select-Object * | |
| #Reset values | |
| $this.Backup() | |
| } | |
| else{ | |
| Write-Warning "Invalid Path $($this.Folder) or SDDL is invalid" | |
| $Tags = @('Restore', 'Failed') | |
| $MessageData = "Restoring SDDL on $($this.Folder) has failed" | |
| $this.ActionHistory += Write-Information -MessageData $MessageData 6>&1 -Tags $Tags | Select-Object * | |
| } | |
| } | |
| Clone($tgt){ | |
| if((Test-Path -Path $tgt) -and | |
| ![string]::isNullOrEmpty($this.SDDL) -and | |
| [Security.AccessControl.RawSecurityDescriptor]$this.SDDL){ | |
| $acl = Get-Acl -Path $tgt | |
| $acl.SetSecurityDescriptorSddlForm($this.SDDL) | |
| Set-Acl -Path $($tgt) -AclObject $($acl) | |
| $Tags = @('Clone', 'Success') | |
| $MessageData = "Cloning SDDL on $($this.Folder) was succesful" | |
| $this.ActionHistory += Write-Information -MessageData $MessageData 6>&1 -Tags $Tags | Select-Object * | |
| } | |
| else{ | |
| Write-Warning "Invalid Path $($this.Folder) or SDDL is invalid" | |
| $Tags = @('Clone', 'Failed') | |
| $MessageData = "Cloning SDDL on $($this.Folder) has failed" | |
| $this.ActionHistory += Write-Information -MessageData $MessageData 6>&1 -Tags $Tags | Select-Object * | |
| } | |
| } | |
| [PSObject]ConvertSDDLToAccess(){ | |
| Function Convert-SID2NTAccount{ | |
| param( | |
| $SID | |
| ) | |
| $objSID = New-Object System.Security.Principal.SecurityIdentifier($SID) | |
| $objUser = $objSID.Translate( [System.Security.Principal.NTAccount]) | |
| $objUser | |
| } | |
| $accessSDDL = ([Security.AccessControl.RawSecurityDescriptor]$this.SDDL).DiscretionaryAcl | | |
| ForEach-Object{ | |
| [PSCustomObject]@{ | |
| SID = $_.SecurityIdentifier | |
| NTAccount = (Convert-SID2NTAccount -SID $_.SecurityIdentifier) | |
| AceQualifier = $_.AceQualifier | |
| AccessMask = $_.AccessMask | |
| AceType = $_.AceType | |
| AceFlags = $_.AceFlags | |
| IsInherited = $_.IsInherited | |
| InheritanceFlags = $_.InheritanceFlags | |
| } | |
| } | |
| return $accessSDDL | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment