PowerShell: Folders ACL Parser
From Mike Beane's Blog
Purpose
We use AD security groups as the ACL mechanism for shared folders. Sometimes someone wants a report of who has access to what, and it's good to look at from time to time anyway. This script reads the top-level folders under the designated $PATH, grabs each folder's ACL, then asks AD for the members of each security group (SecGrp) whose name matches the FILEACCESS_ prefix. Output goes to a text file.
To Do
- This was a hackjob.
Code
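    Import-Module ActiveDirectory   # provides Get-ADGroupMember

    $PATH="E:\SHARES\"
    $DOMAIN="YOURDOMAIN\"   #Ex: YOURDOMAIN\
    #######################
    #$date = get-date -Format d
    $OUTPUT="ACL.txt"
    write-host $OUTPUT
    # Start from a clean report; the file may not exist on the first run
    Remove-Item $OUTPUT -ErrorAction SilentlyContinue

    $FOLDERS=Get-ChildItem -path $PATH -Directory
    foreach ($FOLDER in $FOLDERS)
    {
        # FullName gives the same result on every PowerShell version,
        # unlike concatenating $PATH with the DirectoryInfo object
        $FULLPATH=$FOLDER.FullName
        write-host $FULLPATH
        Add-Content "$OUTPUT" ""
        Add-Content "$OUTPUT" "_____________________________"
        Add-Content "$OUTPUT" ""
        Add-Content "$OUTPUT" "$FULLPATH"

        # Every identity (user or group) named in the folder's ACL
        $ACL_ACCESS=(Get-Acl -Path $FULLPATH).Access.IdentityReference
        foreach ($ACL in $ACL_ACCESS)
        {
            if ($ACL -like '*FILEACCESS_*')   #looking for specific AD SecGrps prefixes
            {
                #write-host "$ACL"
                # Strip the "DOMAIN\" prefix; -replace takes a regex, so escape it
                $ACL="$ACL" -replace [regex]::Escape($DOMAIN),""
                Add-Content "$OUTPUT" "$ACL"
                #write-host $ACL
                # -Recursive expands nested groups down to their members
                $ACCESS=Get-ADGroupMember -Identity "$ACL" -Recursive | Select-Object -ExpandProperty Name
                foreach ($MEMBER in $ACCESS)
                {
                    Add-Content "$OUTPUT" "$MEMBER"
                }
            }
        }
    }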
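
The script only reports entries whose name matches the FILEACCESS_ prefix, so an access review built on it never sees permissions granted another way. The following is an added example, not part of the original script: it lists the ACL entries the filter skips, with the rights each one grants. The helper name Get-FolderAclException, the output file name and the list of expected built-in principals are assumptions.

```powershell
# Added example: list ACEs on the top-level share folders that bypass the
# FILEACCESS_* group convention, with the rights each one grants.
$PATH   = "E:\SHARES\"            # same root as the script above
$PREFIX = "FILEACCESS_"           # group-name prefix the script above filters on
$REPORT = "ACL_exceptions.csv"    # hypothetical output file name

# Built-in principals expected on most folders (assumption; adjust to your environment)
$EXPECTED = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'CREATOR OWNER')

function Get-FolderAclException {   # hypothetical helper name
    param([string]$Root, [string]$Prefix, [string[]]$Expected)

    foreach ($folder in Get-ChildItem -Path $Root -Directory) {
        try {
            $acl = Get-Acl -Path $folder.FullName -ErrorAction Stop
        } catch {
            # Report folders whose ACL cannot be read instead of silently skipping them
            [pscustomobject]@{ Folder = $folder.FullName; Identity = '<ACL unreadable>'
                Type = ''; Rights = ''; Inherited = ''; Note = $_.Exception.Message }
            continue
        }
        foreach ($ace in $acl.Access) {
            $id = $ace.IdentityReference.Value
            # Skip what the main report already covers and the expected built-ins
            if ($id -like "*$Prefix*" -or $Expected -contains $id) { continue }

            $note = 'Not a convention group'
            if ($ace.AccessControlType -eq 'Deny') { $note = 'Deny entry' }
            # A raw SID means the account or group could not be resolved
            if ($id -match '^S-1-\d') { $note = 'Unresolved SID' }

            [pscustomobject]@{
                Folder    = $folder.FullName
                Identity  = $id
                Type      = $ace.AccessControlType   # Allow or Deny
                Rights    = $ace.FileSystemRights    # e.g. Modify, FullControl
                Inherited = $ace.IsInherited         # False = set directly on this folder
                Note      = $note
            }
        }
    }
}

Get-FolderAclException -Root $PATH -Prefix $PREFIX -Expected $EXPECTED |
    Export-Csv -Path $REPORT -NoTypeInformation
```

Rows with Inherited set to False are the ones to review first, since they were set directly on the folder rather than flowing down from the share root.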