-
Notifications
You must be signed in to change notification settings - Fork 32
/
Copy pathReport-FileSystemPermissions.ps1
84 lines (59 loc) · 4.46 KB
/
Report-FileSystemPermissions.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
<#
$Metadata = @{
Title = "Report Filesystem Permissions"
Filename = "Report-FileSystemPermissions.ps1"
Description = ""
Tags = ""powershell, sharepoint, function, report"
Project = ""
Author = "Janik von Rotz"
AuthorContact = "http://janikvonrotz.ch"
CreateDate = "2013-07-11"
LastEditDate = "2013-07-11"
Version = "1.0.0"
License = @'
This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 Switzerland License.
To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/ch/ or
send a letter to Creative Commons, 444 Castro Street, Suite 900, Mountain View, California, 94041, USA.
'@
}
#>
function Report-FileSystemPermissions{
<#
.SYNOPSIS
Report permissions on filesystem directories.
.DESCRIPTION
Report permissions on filesystem directories.
.PARAMETER Path
Path of the directory to report
.PARAMETER Levels
Levels of subdirectories to report
.EXAMPLE
PS C:\> Report-SPSecurableObjectPermissions -Path "D:\Data" -Levels 3
#>
param(
[parameter(Mandatory=$true)]
[String]$Path,
[parameter(Mandatory=$true)]
[int]$Levels
)
#--------------------------------------------------#
# main
#--------------------------------------------------#
$FileSystemPermissionReport = @()
$FSfolders = Get-ChildItemRecurse -Path $Path -Levels $Levels -OnlyDirectories
foreach ($FSfolder in $FSfolders)
{
Write-Progress -Activity "Anlayse access rights" -status $FSfolder.FullName -percentComplete ([int]([array]::IndexOf($FSfolders, $FSfolder)/$FSfolders.Count*100))
# read access rights
$Acls = Get-Acl -Path $FSfolder.Fullname
foreach($Acl in $Acls.Access){
if($Acl.IsInherited -eq $false){
$Member = $Acl.IdentityReference -replace ".*?\\",""
$FileSystemPermissionReport += New-ObjectSPReportItem -Name $FSfolder.Name -Url $FSfolder.FullName -Member $Member -Permission $Acl.FileSystemRights -Type "Directory"
}else{
break
}
}
}
return $FileSystemPermissionReport
}