导出显式 ACL 权限
Export Explicit ACL Permissions
我正在研究一个 Windows 服务器文件安全项目,并且需要对我们的“O:”和所有子文件夹的显式 ACL 权限。我想将其导出为 CSV 格式以便于格式化。我正在寻找可以列出文件夹名称和有权访问该文件夹的安全组或用户的 Powershell 脚本。
$rootpath = "O:\ADSMO"
$outfile = "ExplicitACLs.txt"
New-Variable acl
$Report = @"
Explicit permissions on folders under parent $rootpath.
"@
$Report | out-file -Encoding ASCII -FilePath $outfile
Get-ChildItem -Recurse $rootpath -Exclude "*.*" | Where-Object {$_.PSisContainer } | ForEach-Object {
$acl = Get-Acl -Path $_.FullName
$access = $acl.access
if ( $access | Where-Object { $_.IsInherited -eq $False }) {
Add-Content -Path $outfile $_
$access | Where-Object { $_.IsInherited -eq $False } | ForEach-Object {
$i = $_.IdentityReference
$t = "`t"
$r = $_.FileSystemRights
$c = "$i"+"$t"+"$t"+"$t"+"$r"
Add-Content -Path $outfile $c
}
Add-Content -Path $outfile ""
}
Clear-Variable acl
Clear-Variable access
}
Add-Content -Path $outfile ""
您似乎在尝试手动构建 CSV,绝对不推荐这样做。您可以使用 Export-Csv 将报告导出为 CSV。据我所见,您的代码可以简化为:
Get-ChildItem O:\ADSMO -Directory -Recurse | ForEach-Object {
foreach($access in (Get-Acl $_.FullName).Access) {
# if `IsInherited = $true` go to next iteration
if($access.IsInherited) { continue }
[pscustomobject]@{
FolderName = $_.Name
FolderPath = $_.FullName
IdentityReference = $access.IdentityReference
FileSystemRights = $access.FileSystemRights
}
}
} | Export-Csv 'C:\path\to\acls.csv' -NoTypeInformation
我正在研究一个 Windows 服务器文件安全项目,并且需要对我们的“O:”和所有子文件夹的显式 ACL 权限。我想将其导出为 CSV 格式以便于格式化。我正在寻找可以列出文件夹名称和有权访问该文件夹的安全组或用户的 Powershell 脚本。
$rootpath = "O:\ADSMO"
$outfile = "ExplicitACLs.txt"
New-Variable acl
$Report = @"
Explicit permissions on folders under parent $rootpath.
"@
$Report | out-file -Encoding ASCII -FilePath $outfile
Get-ChildItem -Recurse $rootpath -Exclude "*.*" | Where-Object {$_.PSisContainer } | ForEach-Object {
$acl = Get-Acl -Path $_.FullName
$access = $acl.access
if ( $access | Where-Object { $_.IsInherited -eq $False }) {
Add-Content -Path $outfile $_
$access | Where-Object { $_.IsInherited -eq $False } | ForEach-Object {
$i = $_.IdentityReference
$t = "`t"
$r = $_.FileSystemRights
$c = "$i"+"$t"+"$t"+"$t"+"$r"
Add-Content -Path $outfile $c
}
Add-Content -Path $outfile ""
}
Clear-Variable acl
Clear-Variable access
}
Add-Content -Path $outfile ""
您似乎在尝试手动构建 CSV,绝对不推荐这样做。您可以使用 Export-Csv 将报告导出为 CSV。据我所见,您的代码可以简化为:
Get-ChildItem O:\ADSMO -Directory -Recurse | ForEach-Object {
foreach($access in (Get-Acl $_.FullName).Access) {
# if `IsInherited = $true` go to next iteration
if($access.IsInherited) { continue }
[pscustomobject]@{
FolderName = $_.Name
FolderPath = $_.FullName
IdentityReference = $access.IdentityReference
FileSystemRights = $access.FileSystemRights
}
}
} | Export-Csv 'C:\path\to\acls.csv' -NoTypeInformation