|
Function Get-SharedFolderACL { |
|
|
|
<# |
|
.Synopsis |
|
Recursively steps through folders and collects the Access Control List |
|
.DESCRIPTION |
|
Run the cmdlet against one or more Mapped Drives or Shares and it will create a .txt file with the ACLs of every folder in the structure |
|
If you are getting the ACL from a share with many nested folders then it will take a significant amount of time to run |
|
and the resulting .txt files can be quite large |
|
.PARAMETER Shares |
|
Either the drive letter or UNC path of the share you want to collect ACLs from |
|
.PARAMETER FileLoc |
|
The location where you want to save the file |
|
.EXAMPLE |
|
Get-COS-SharedFolder-ACL z: |
|
Get-COS-SharedFolder-ACL z:,\\share\folder |
|
.EXAMPLE |
|
Get-COS-SharedFolder-ACL z:,\\share\folder -FileLoc c:\MyFavoriteFolder |
|
.NOTES |
|
Version: 2.0 |
|
Revision Date: 6/16/2014 |
|
#> |
|
|
|
[CmdletBinding()] |
|
|
|
Param ( |
|
[parameter( |
|
Position=0, |
|
Mandatory=$true, |
|
ValueFromPipeline=$true, |
|
HelpMessage='The UNC path or Mapped Drive letter you wish to process on')] |
|
[string[]]$Shares, |
|
|
|
[parameter( |
|
Position=1, |
|
HelpMessage='Location to save the ouput files, defaut: C:\PSResults\')] |
|
[string]$FileLoc="$env:SystemDrive\PSResults" |
|
) |
|
|
|
Begin { |
|
if (!(Test-Path $FileLoc)) { # Check if we have an output directory, if not, create one |
|
New-Item -Path $FileLoc -ItemType Directory | Out-Null |
|
} |
|
} |
|
|
|
Process { |
|
foreach ($share in $shares) { |
|
# Mapped drives start at F: in my environment, this checks if it's a mapped drive |
|
if ("$share" -match "^[f-zF-Z]:") { |
|
# Splitting to get just the drive letter |
|
$share = $share.Split(':\')[0] |
|
Write-Debug "Step one, Share is $share" |
|
# This will get me the root of the mapping, i.e. \\share\folder |
|
$share = (Get-PSDrive -Name $share).DisplayRoot |
|
Write-Debug "Step two, Share is $share" |
|
} |
|
if (Split-Path $share -Resolve) { |
|
Write-Debug "Split-Path $share -Resolve is TRUE" |
|
# I learned that Split-Path doesn't return TRUE if you map to \\share\folder ` |
|
# it has to be \\share\folder\folder |
|
$path = Split-Path $share -Leaf |
|
} else { |
|
Write-Debug "Split-Path $share -Resolve is FALSE" |
|
# Again, if mapped to \\share\folder, this will return 'folder' |
|
$path = $share.Split('\')[-1] |
|
} |
|
$filepath = $fileloc + '\' + $path + '-ACL.txt' |
|
Write-Debug "the file path is $filepath" |
|
|
|
# build the report file |
|
Write-Output "Permissions for directories in: $share" | Format-Table | Out-File -Append $filepath |
|
Write-Output "Report Run Time: $((Get-Date).DateTime)" | Format-Table | Out-File -Append $filepath |
|
Write-Output `n | Format-Table | Out-File -Append $filepath |
|
|
|
# processing the folders here |
|
Get-ChildItem -path $share -force -Recurse -Directory | ForEach-Object { |
|
(Convert-Path $_.pspath) | Format-Table | Out-File -Append $filepath |
|
Get-Acl -path (Convert-Path $_.pspath) | Format-List -property AccessToString | Out-File -append $filepath |
|
} #end Get-Acl ForEach |
|
} #end $share ForEach |
|
} |
|
|
|
End { |
|
Write-Host -ForegroundColor DarkCyan "`nFinished writing share ACL(s)" |
|
} |
|
} |