【发布时间】:2019-09-19 02:02:30
【问题描述】:
我想知道是否有一种简单的方法可以列出文件夹及其所有子文件夹的权限,但是一旦从上面的文件夹继承了权限,它就不应该列出该文件夹,因为那样我的列表会太大。我有一些检查文件夹权限的工作方式代码,但现在,它还列出了具有继承权限的文件夹。
$User = "Testumgebung\cbruehwiler"
$UserOhneDomain = "cbruehwiler"
$Path = "T:\"
$List = New-Object System.Collections.Generic.List[System.Object]
$Groups = Get-ADPrincipalGroupMembership $UserOhneDomain
$GroupArrayList = New-Object System.Collections.ArrayList
foreach ($Group in $Groups) {
$GroupArrayList.Add($Group.Name) | Out-Null
}
# Fields we want in list, an array of calculated properties.
$OutputFields = @(
@{name="Item" ; expression={$_.Path.split(':',3)[-1]}}
@{name="Rights" ; expression={$Right.FileSystemRights}}
@{name="AccessType" ; expression={$Right.AccessControlType}}
@{name="From" ; expression={$User}}
)
$FileSystemObjects = Get-ChildItem $Path -Recurse | ForEach-Object {Get-Acl $_.FullName}
foreach ($Item in $FileSystemObjects) {
foreach ($Right in $Item.Access) {
if ($Right.IdentityReference -eq $User) {
$List.Add(($Item | Select-Object $OutputFields))
}
}
}
foreach ($Item in $FileSystemObjects) {
foreach ($Right in $Item.Access) {
foreach ($GroupArrayItem in $GroupArrayList){
if ($Right.IdentityReference -eq ("TESTUMGEBUNG\" + $GroupArrayItem)) {
$List.Add(($Item | Select-Object $OutputFields))
}
}
}
}
$List | Out-File C:\Users\cbruehwiler\Desktop\PermissionCheck.txt
【问题讨论】:
标签: powershell inheritance active-directory powershell-2.0 acl