PowerShell 为具有组的用户获取对文件夹的权限
PowerShell get permissions on a folder for a user with group
我必须打印用户对特定文件夹的权限。下面,我有一个工作代码。但是,它仅在用户已被特别授予权限时才进行扫描。现在我还想检查用户所属的组是否对该文件夹具有权限。
我考虑过列出我的用户是 MemberOf 的所有组,然后将它们添加到通用列表中。之后,我将为该列表的每个条目执行以下代码。
$User = "testumgebung\cbruehwiler"
$Path = "T:\"
# Generic list object to store output in
$List = New-Object System.Collections.Generic.List[System.Object]
# Fields we want in list, an array of calculated properties.
$OutputFields = @(
@{name="Item" ; expression={$_.Path.split(':',3)[-1]}}
@{name="Rights" ; expression={$Right.FileSystemRights}}
@{name="AccessType" ; expression={$Right.AccessControlType}}
# @{name="User" ; expression={$User}}
)
# Store all objects in variable
$FileSystemObjects = Get-ChildItem $Path -Recurse | ForEach-Object {Get-Acl $_.FullName}
# Iterate through every object
foreach ($Item in $FileSystemObjects) {
# Iterate through every individual user right within each object
# Add it to our list if it matchers our $User
foreach ($Right in $Item.Access) {
if ($Right.IdentityReference -eq $User) {
$List.Add(($Item | Select-Object $OutputFields))
}
}
}
$List | Out-File C:\Users\cbruehwiler\Desktop\PermissionCheck.txt
我的列表打印文件夹名称、不同的权限以及是否具有访问权限。我真的不想改变太多结构。
我找到了解决办法。
Import-Module ActiveDirectory
$User = "Testumgebung\cbruehwiler"
$UserOhneDomain = "cbruehwiler"
$Path = "T:\"
$List = New-Object System.Collections.Generic.List[System.Object]
$Groups = Get-ADPrincipalGroupMembership $UserOhneDomain
$GroupArrayList = New-Object System.Collections.ArrayList
foreach ($Group in $Groups)
{
$GroupArrayList.Add($Group.Name) | Out-Null
}
# Fields we want in list, an array of calculated properties.
$OutputFields = @(
@{name="Item" ; expression={$_.Path.split(':',3)[-1]}}
@{name="Rights" ; expression={$Right.FileSystemRights}}
@{name="AccessType" ; expression={$Right.AccessControlType}}
# @{name="User" ; expression={$User}}
)
$FileSystemObjects = Get-ChildItem $Path -Recurse | ForEach-Object {Get-Acl $_.FullName}
foreach ($Item in $FileSystemObjects) {
foreach ($Right in $Item.Access) {
if ($Right.IdentityReference -eq $User)
{
$List.Add(($Item | Select-Object $OutputFields))
}
}
}
foreach ($Item in $FileSystemObjects) {
foreach ($Right in $Item.Access) {
foreach ($GroupArrayItem in $GroupArrayList){
if ($Right.IdentityReference -eq ("TESTUMGEBUNG\" + $GroupArrayItem))
{
$List.Add(($Item | Select-Object $OutputFields))
}
}
}
}
$List | Out-File C:\Users\cbruehwiler\Desktop\PermissionCheck.txt
此脚本检查用户对文件或共享的所有权限,包括用户所属的所有组。
您只需使用 "DOMAIN\username" 变体和 "username" 变体输入一次用户。
希望对您有所帮助
我必须打印用户对特定文件夹的权限。下面,我有一个工作代码。但是,它仅在用户已被特别授予权限时才进行扫描。现在我还想检查用户所属的组是否对该文件夹具有权限。
我考虑过列出我的用户是 MemberOf 的所有组,然后将它们添加到通用列表中。之后,我将为该列表的每个条目执行以下代码。
$User = "testumgebung\cbruehwiler"
$Path = "T:\"
# Generic list object to store output in
$List = New-Object System.Collections.Generic.List[System.Object]
# Fields we want in list, an array of calculated properties.
$OutputFields = @(
@{name="Item" ; expression={$_.Path.split(':',3)[-1]}}
@{name="Rights" ; expression={$Right.FileSystemRights}}
@{name="AccessType" ; expression={$Right.AccessControlType}}
# @{name="User" ; expression={$User}}
)
# Store all objects in variable
$FileSystemObjects = Get-ChildItem $Path -Recurse | ForEach-Object {Get-Acl $_.FullName}
# Iterate through every object
foreach ($Item in $FileSystemObjects) {
# Iterate through every individual user right within each object
# Add it to our list if it matchers our $User
foreach ($Right in $Item.Access) {
if ($Right.IdentityReference -eq $User) {
$List.Add(($Item | Select-Object $OutputFields))
}
}
}
$List | Out-File C:\Users\cbruehwiler\Desktop\PermissionCheck.txt
我的列表打印文件夹名称、不同的权限以及是否具有访问权限。我真的不想改变太多结构。
我找到了解决办法。
Import-Module ActiveDirectory
$User = "Testumgebung\cbruehwiler"
$UserOhneDomain = "cbruehwiler"
$Path = "T:\"
$List = New-Object System.Collections.Generic.List[System.Object]
$Groups = Get-ADPrincipalGroupMembership $UserOhneDomain
$GroupArrayList = New-Object System.Collections.ArrayList
foreach ($Group in $Groups)
{
$GroupArrayList.Add($Group.Name) | Out-Null
}
# Fields we want in list, an array of calculated properties.
$OutputFields = @(
@{name="Item" ; expression={$_.Path.split(':',3)[-1]}}
@{name="Rights" ; expression={$Right.FileSystemRights}}
@{name="AccessType" ; expression={$Right.AccessControlType}}
# @{name="User" ; expression={$User}}
)
$FileSystemObjects = Get-ChildItem $Path -Recurse | ForEach-Object {Get-Acl $_.FullName}
foreach ($Item in $FileSystemObjects) {
foreach ($Right in $Item.Access) {
if ($Right.IdentityReference -eq $User)
{
$List.Add(($Item | Select-Object $OutputFields))
}
}
}
foreach ($Item in $FileSystemObjects) {
foreach ($Right in $Item.Access) {
foreach ($GroupArrayItem in $GroupArrayList){
if ($Right.IdentityReference -eq ("TESTUMGEBUNG\" + $GroupArrayItem))
{
$List.Add(($Item | Select-Object $OutputFields))
}
}
}
}
$List | Out-File C:\Users\cbruehwiler\Desktop\PermissionCheck.txt
此脚本检查用户对文件或共享的所有权限,包括用户所属的所有组。
您只需使用 "DOMAIN\username" 变体和 "username" 变体输入一次用户。
希望对您有所帮助