如何让 -Depth 开关在脚本中工作?
How to get the -Depth switch to work in a script?
我试图限制此脚本的递归深度,该脚本生成文件夹列表、关联的安全组以及每个组的成员。我正在使用 PowerShell 5.1。
我尝试在第 18 行添加 -Depth 3(如下所示),但我仍然获得了所有级别。当我 运行 脚本时,我尝试在命令行上添加 -Depth 3,但那是错误的。
这是我用来 运行 脚本的命令:
./Get_folder_acls_depth_test.ps1 -Path I:\dir_name -Recurse | Export-Csv c:\temp\dir_name.csv
我也试过了,但出现错误:
./Get_folder_acls_depth_test.ps1 -Path I:\dir_name -Recurse -Depth 3 | Export-Csv c:\temp\dir_name.csv
[CmdletBinding()]
Param(
[ValidateScript({Test-Path $_ -PathType Container})]
[Parameter(Mandatory=$true)]
[string]$Path,
[switch]$Recurse
)
Write-Verbose "$(Get-Date): Script begins!"
Write-Verbose "Getting domain name..."
$Domain = (Get-ADDomain).NetBIOSName
Write-Verbose "Getting ACLs for folder $Path"
if ($Recurse) {
Write-Verbose "...and all sub-folders"
Write-Verbose "Gathering all folder names, this could take a long time on bigger folder trees..."
$Folders = Get-ChildItem -Path $Path -Directory -Recurse -Depth 3
} else {
$Folders = Get-Item -Path $Path
}
Write-Verbose "Gathering ACL's for $($Folders.Count) folders..."
foreach ($Folder in $Folders) {
Write-Verbose "Working on $($Folder.FullName)..."
$ACLs = Get-Acl $Folder.FullName | ForEach-Object { $_.Access }
foreach ($ACL in $ACLs) {
if ($ACL.IdentityReference -match "\") {
if ($ACL.IdentityReference.Value.Split("\")[0].ToUpper() -eq $Domain.ToUpper()) {
$Name = $ACL.IdentityReference.Value.Split("\")[1]
if ((Get-ADObject -Filter 'SamAccountName -eq $Name').ObjectClass -eq "group") {
foreach ($User in (Get-ADGroupMember $Name -Recursive | Select -ExpandProperty Name)) {
$Result = New-Object PSObject -Property @{
Path = $Folder.Fullname
Group = $Name
User = $User
FileSystemRights = $ACL.FileSystemRights
AccessControlType = $ACL.AccessControlType
Inherited = $ACL.IsInherited
}
$Result | Select Path,Group,User,FileSystemRights
}
} else {
$Result = New-Object PSObject -Property @{
Path = $Folder.Fullname
Group = ""
User = Get-ADUser $Name | Select -ExpandProperty Name
FileSystemRights = $ACL.FileSystemRights
AccessControlType = $ACL.AccessControlType
Inherited = $ACL.IsInherited
}
$Result | Select Path,Group,User,FileSystemRights
}
} else {
$Result = New-Object PSObject -Property @{
Path = $Folder.Fullname
Group = ""
User = $ACL.IdentityReference.Value
FileSystemRights = $ACL.FileSystemRights
AccessControlType = $ACL.AccessControlType
Inherited = $ACL.IsInherited
}
$Result | Select Path,Group,User,FileSystemRights
}
}
}
}
Write-Verbose "$(Get-Date): Script completed!"
该脚本适用于所有级别,我只想将其限制为 2-4 级。
我测试了你的脚本,以检查你的 if/else 语句是否正常工作,我得到了正确的结果:
function Test-Recurse {
Param(
[ValidateScript( {Test-Path $_ -PathType Container})]
[Parameter(Mandatory = $true)]
[string]$Path,
[switch]$Recurse
)
begin {
Write-Verbose "$(Get-Date): Script begins!"
$folders = $null
}
process {
if ($Recurse) {
Write-Output -InputObject "Recurse has been selected"
$folders = Get-ChildItem -Path $Path -Directory -Recurse -Depth 3
}
else {
Write-Output -InputObject "Recurse has NOT been selected"
$folders = Get-ChildItem -Path $Path -Directory
}
}
end {
return $folders.fullName
}
}
PS C:\GitHub\Guyver1wales\PowerShell> Test-Recurse -Path c:\programdata\razer
没有选择递归
C:\programdata\razer\安装程序
C:\programdata\razer\Razer Central
C:\programdata\razer\RzEndpointPicker
C:\programdata\razer\服务
C:\programdata\razer\ServiceSetup
C:\programdata\razer\突触
PS C:\GitHub\Guyver1wales\PowerShell> Test-Recurse -Path
c:\programdata\razer -递归
已选择递归
C:\programdata\razer\安装程序
C:\programdata\razer\Razer Central
C:\programdata\razer\RzEndpointPicker
C:\programdata\razer\服务
C:\programdata\razer\ServiceSetup
C:\programdata\razer\突触
C:\programdata\razer\安装程序\日志
C:\programdata\razer\雷蛇Central\Icons
C:\programdata\razer\雷蛇Central\Logs
C:\programdata\razer\雷蛇Central\Icons\暗黑
C:\programdata\razer\Razer Central\Icons\Lifestyle
C:\programdata\razer\RazerCentral\Icons\Light
C:\programdata\razer\RzEndpointPicker\账户
C:\programdata\razer\服务\日志
C:\programdata\razer\Synapse\Accounts
C:\programdata\razer\Synapse\CrashReporter
C:\programdata\razer\Synapse\Devices
C:\programdata\razer\Synapse\Logs
C:\programdata\razer\Synapse\Mats
C:\programdata\razer\Synapse\Modules
...
C:\programdata\razer\Synapse\ProductUpdates\Uninstallers
C:\programdata\razer\Synapse\ProductUpdates\Uninstallers\RazerCommonConfig
C:\programdata\razer\Synapse\ProductUpdates\Uninstallers\RazerDeathAdder3500Config
C:\programdata\razer\Synapse\ProductUpdates\Uninstallers\RazerFonts
C:\programdata\razer\Synapse\ProductUpdates\Uninstallers\Razer_Common_Driver
PS C:\GitHub\Guyver1wales\PowerShell>
-深度从0开始所以-深度3会显示4个子文件夹:
C:\programdata\razer\Synapse\ProductUpdates\Uninstallers\RazerDeathAdder3500Config
0 = \突触
1 = \ProductsUpdates
2 = \卸载程序
3 = \RazerDeathAdder3500Config
我试图限制此脚本的递归深度,该脚本生成文件夹列表、关联的安全组以及每个组的成员。我正在使用 PowerShell 5.1。
我尝试在第 18 行添加 -Depth 3(如下所示),但我仍然获得了所有级别。当我 运行 脚本时,我尝试在命令行上添加 -Depth 3,但那是错误的。
这是我用来 运行 脚本的命令:
./Get_folder_acls_depth_test.ps1 -Path I:\dir_name -Recurse | Export-Csv c:\temp\dir_name.csv
我也试过了,但出现错误:
./Get_folder_acls_depth_test.ps1 -Path I:\dir_name -Recurse -Depth 3 | Export-Csv c:\temp\dir_name.csv
[CmdletBinding()]
Param(
[ValidateScript({Test-Path $_ -PathType Container})]
[Parameter(Mandatory=$true)]
[string]$Path,
[switch]$Recurse
)
Write-Verbose "$(Get-Date): Script begins!"
Write-Verbose "Getting domain name..."
$Domain = (Get-ADDomain).NetBIOSName
Write-Verbose "Getting ACLs for folder $Path"
if ($Recurse) {
Write-Verbose "...and all sub-folders"
Write-Verbose "Gathering all folder names, this could take a long time on bigger folder trees..."
$Folders = Get-ChildItem -Path $Path -Directory -Recurse -Depth 3
} else {
$Folders = Get-Item -Path $Path
}
Write-Verbose "Gathering ACL's for $($Folders.Count) folders..."
foreach ($Folder in $Folders) {
Write-Verbose "Working on $($Folder.FullName)..."
$ACLs = Get-Acl $Folder.FullName | ForEach-Object { $_.Access }
foreach ($ACL in $ACLs) {
if ($ACL.IdentityReference -match "\") {
if ($ACL.IdentityReference.Value.Split("\")[0].ToUpper() -eq $Domain.ToUpper()) {
$Name = $ACL.IdentityReference.Value.Split("\")[1]
if ((Get-ADObject -Filter 'SamAccountName -eq $Name').ObjectClass -eq "group") {
foreach ($User in (Get-ADGroupMember $Name -Recursive | Select -ExpandProperty Name)) {
$Result = New-Object PSObject -Property @{
Path = $Folder.Fullname
Group = $Name
User = $User
FileSystemRights = $ACL.FileSystemRights
AccessControlType = $ACL.AccessControlType
Inherited = $ACL.IsInherited
}
$Result | Select Path,Group,User,FileSystemRights
}
} else {
$Result = New-Object PSObject -Property @{
Path = $Folder.Fullname
Group = ""
User = Get-ADUser $Name | Select -ExpandProperty Name
FileSystemRights = $ACL.FileSystemRights
AccessControlType = $ACL.AccessControlType
Inherited = $ACL.IsInherited
}
$Result | Select Path,Group,User,FileSystemRights
}
} else {
$Result = New-Object PSObject -Property @{
Path = $Folder.Fullname
Group = ""
User = $ACL.IdentityReference.Value
FileSystemRights = $ACL.FileSystemRights
AccessControlType = $ACL.AccessControlType
Inherited = $ACL.IsInherited
}
$Result | Select Path,Group,User,FileSystemRights
}
}
}
}
Write-Verbose "$(Get-Date): Script completed!"
该脚本适用于所有级别,我只想将其限制为 2-4 级。
我测试了你的脚本,以检查你的 if/else 语句是否正常工作,我得到了正确的结果:
function Test-Recurse {
Param(
[ValidateScript( {Test-Path $_ -PathType Container})]
[Parameter(Mandatory = $true)]
[string]$Path,
[switch]$Recurse
)
begin {
Write-Verbose "$(Get-Date): Script begins!"
$folders = $null
}
process {
if ($Recurse) {
Write-Output -InputObject "Recurse has been selected"
$folders = Get-ChildItem -Path $Path -Directory -Recurse -Depth 3
}
else {
Write-Output -InputObject "Recurse has NOT been selected"
$folders = Get-ChildItem -Path $Path -Directory
}
}
end {
return $folders.fullName
}
}
PS C:\GitHub\Guyver1wales\PowerShell> Test-Recurse -Path c:\programdata\razer
没有选择递归
C:\programdata\razer\安装程序
C:\programdata\razer\Razer Central
C:\programdata\razer\RzEndpointPicker
C:\programdata\razer\服务
C:\programdata\razer\ServiceSetup
C:\programdata\razer\突触
PS C:\GitHub\Guyver1wales\PowerShell> Test-Recurse -Path
c:\programdata\razer -递归
已选择递归
C:\programdata\razer\安装程序
C:\programdata\razer\Razer Central
C:\programdata\razer\RzEndpointPicker
C:\programdata\razer\服务
C:\programdata\razer\ServiceSetup
C:\programdata\razer\突触
C:\programdata\razer\安装程序\日志
C:\programdata\razer\雷蛇Central\Icons
C:\programdata\razer\雷蛇Central\Logs
C:\programdata\razer\雷蛇Central\Icons\暗黑
C:\programdata\razer\Razer Central\Icons\Lifestyle
C:\programdata\razer\RazerCentral\Icons\Light
C:\programdata\razer\RzEndpointPicker\账户
C:\programdata\razer\服务\日志
C:\programdata\razer\Synapse\Accounts
C:\programdata\razer\Synapse\CrashReporter
C:\programdata\razer\Synapse\Devices
C:\programdata\razer\Synapse\Logs
C:\programdata\razer\Synapse\Mats
C:\programdata\razer\Synapse\Modules
...
C:\programdata\razer\Synapse\ProductUpdates\Uninstallers
C:\programdata\razer\Synapse\ProductUpdates\Uninstallers\RazerCommonConfig
C:\programdata\razer\Synapse\ProductUpdates\Uninstallers\RazerDeathAdder3500Config
C:\programdata\razer\Synapse\ProductUpdates\Uninstallers\RazerFonts
C:\programdata\razer\Synapse\ProductUpdates\Uninstallers\Razer_Common_Driver
PS C:\GitHub\Guyver1wales\PowerShell>
-深度从0开始所以-深度3会显示4个子文件夹: C:\programdata\razer\Synapse\ProductUpdates\Uninstallers\RazerDeathAdder3500Config
0 = \突触
1 = \ProductsUpdates
2 = \卸载程序
3 = \RazerDeathAdder3500Config