PowerShell Get-Acl - 获取成员而不是组
PowerShell Get-Acl - Get members instead of group
在 PowerShell 中,当使用 Get-Acl 时如何显示属于某个组的所有成员而不是组本身?
所以:
Get-ChildItem C:\ | where-object {($_.PsIsContainer)} | Get-Acl | select path -ExpandProperty Access
显示如下:
Path : Microsoft.PowerShell.Core\FileSystem::C:\Test
FileSystemRights : FullControl
AccessControlType : Allow
IdentityReference : BUILTIN\Administrators
IsInherited : False
InheritanceFlags : ContainerInherit, ObjectInherit
PropagationFlags : None
Path : Microsoft.PowerShell.Core\FileSystem::C:\Test
FileSystemRights : ReadAndExecute, Synchronize
AccessControlType : Allow
IdentityReference : BUILTIN\Users
IsInherited : False
InheritanceFlags : ContainerInherit, ObjectInherit
PropagationFlags : None
相反,我希望它列出属于 Administrators/Users 的所有用户以及他们对每个文件夹的权限并丢弃该组。
另外,如何将 Convert-Path 添加到 select 路径语句,以便显示的路径仅为 C:\Test?
谢谢!
我无法通过链接 post and/or PowerShell 访问控制模块解决它,仍然只有组。所以最后我能够通过组合不同的其他有用的 post 来获得我想要的信息,例如:
PowerShell script to return members of multiple security groups
扩展我原来的问题并包括我想要的最终结果,这就是我的做法。它并不漂亮(甚至重复了一小部分代码),大部分代码可能会放在一行中,但就我自己的可读性而言,这样做有点有意义。我也省略了组的丢弃,因为我发现这些信息很有用。
$queryPath = "C:\Test"
$targetFile = "C:\Test.csv"
$Table = @()
$Record = [ordered]@{
"Path" = ""
"IdentityReference" = ""
"Class" = ""
"GrpMember" = ""
}
$foldersToQuery = Get-ChildItem $queryPath | Where {$_.PSIsContainer} | select -expandproperty FullName
foreach ($folder in $foldersToQuery) {
$Record.Path = $folder
$permissions = Get-Acl $folder | select -expandproperty Access
foreach ($permission in $permissions) {
[string]$id = $permission.IdentityReference
$SamAccountName = $id.Split('\')[1]
$ADObject = Get-ADObject -Filter ('SamAccountName -eq "{0}"' -f $SamAccountName) }
$Record.IdentityReference = $permission.IdentityReference.ToString()
switch ($ADObject.ObjectClass) {
'user' {
$Record.Class = $ADObject.ObjectClass
$Record.GrpMember = ""
$objRecord = New-Object PSObject -property $Record
$Table += $objrecord
}
'group' {
$Record.Class = $ADObject.ObjectClass
$members = Get-ADGroupMember $SamAccountName }
foreach ($member in $members) {
$Record.GrpMember = $member.name
$objRecord = New-Object PSObject -property $Record
$Table += $objrecord
}
}
}
}
}
$Table | export-csv $targetFile -NoTypeInformation -Encoding UTF8
Returning a table like this when formatted
在 PowerShell 中,当使用 Get-Acl 时如何显示属于某个组的所有成员而不是组本身?
所以:
Get-ChildItem C:\ | where-object {($_.PsIsContainer)} | Get-Acl | select path -ExpandProperty Access
显示如下:
Path : Microsoft.PowerShell.Core\FileSystem::C:\Test
FileSystemRights : FullControl
AccessControlType : Allow
IdentityReference : BUILTIN\Administrators
IsInherited : False
InheritanceFlags : ContainerInherit, ObjectInherit
PropagationFlags : None
Path : Microsoft.PowerShell.Core\FileSystem::C:\Test
FileSystemRights : ReadAndExecute, Synchronize
AccessControlType : Allow
IdentityReference : BUILTIN\Users
IsInherited : False
InheritanceFlags : ContainerInherit, ObjectInherit
PropagationFlags : None
相反,我希望它列出属于 Administrators/Users 的所有用户以及他们对每个文件夹的权限并丢弃该组。
另外,如何将 Convert-Path 添加到 select 路径语句,以便显示的路径仅为 C:\Test?
谢谢!
我无法通过链接 post and/or PowerShell 访问控制模块解决它,仍然只有组。所以最后我能够通过组合不同的其他有用的 post 来获得我想要的信息,例如:
PowerShell script to return members of multiple security groups
扩展我原来的问题并包括我想要的最终结果,这就是我的做法。它并不漂亮(甚至重复了一小部分代码),大部分代码可能会放在一行中,但就我自己的可读性而言,这样做有点有意义。我也省略了组的丢弃,因为我发现这些信息很有用。
$queryPath = "C:\Test"
$targetFile = "C:\Test.csv"
$Table = @()
$Record = [ordered]@{
"Path" = ""
"IdentityReference" = ""
"Class" = ""
"GrpMember" = ""
}
$foldersToQuery = Get-ChildItem $queryPath | Where {$_.PSIsContainer} | select -expandproperty FullName
foreach ($folder in $foldersToQuery) {
$Record.Path = $folder
$permissions = Get-Acl $folder | select -expandproperty Access
foreach ($permission in $permissions) {
[string]$id = $permission.IdentityReference
$SamAccountName = $id.Split('\')[1]
$ADObject = Get-ADObject -Filter ('SamAccountName -eq "{0}"' -f $SamAccountName) }
$Record.IdentityReference = $permission.IdentityReference.ToString()
switch ($ADObject.ObjectClass) {
'user' {
$Record.Class = $ADObject.ObjectClass
$Record.GrpMember = ""
$objRecord = New-Object PSObject -property $Record
$Table += $objrecord
}
'group' {
$Record.Class = $ADObject.ObjectClass
$members = Get-ADGroupMember $SamAccountName }
foreach ($member in $members) {
$Record.GrpMember = $member.name
$objRecord = New-Object PSObject -property $Record
$Table += $objrecord
}
}
}
}
}
$Table | export-csv $targetFile -NoTypeInformation -Encoding UTF8
Returning a table like this when formatted