Powershell在没有继承的情况下获取文件夹权限
Powershell get Folder permissions without inheritance
我想知道是否有一种简单的方法可以列出一个文件夹及其所有子文件夹的权限,但是一旦从上面的文件夹继承了权限,它就不应该列出该文件夹,因为那样我的列表就会太大。我有一些检查文件夹权限的工作方法代码,但现在,它还列出了具有继承权限的文件夹。
$User = "Testumgebung\cbruehwiler"
$UserOhneDomain = "cbruehwiler"
$Path = "T:\"
$List = New-Object System.Collections.Generic.List[System.Object]
$Groups = Get-ADPrincipalGroupMembership $UserOhneDomain
$GroupArrayList = New-Object System.Collections.ArrayList
foreach ($Group in $Groups) {
$GroupArrayList.Add($Group.Name) | Out-Null
}
# Fields we want in list, an array of calculated properties.
$OutputFields = @(
@{name="Item" ; expression={$_.Path.split(':',3)[-1]}}
@{name="Rights" ; expression={$Right.FileSystemRights}}
@{name="AccessType" ; expression={$Right.AccessControlType}}
@{name="From" ; expression={$User}}
)
$FileSystemObjects = Get-ChildItem $Path -Recurse | ForEach-Object {Get-Acl $_.FullName}
foreach ($Item in $FileSystemObjects) {
foreach ($Right in $Item.Access) {
if ($Right.IdentityReference -eq $User) {
$List.Add(($Item | Select-Object $OutputFields))
}
}
}
foreach ($Item in $FileSystemObjects) {
foreach ($Right in $Item.Access) {
foreach ($GroupArrayItem in $GroupArrayList){
if ($Right.IdentityReference -eq ("TESTUMGEBUNG\" + $GroupArrayItem)) {
$List.Add(($Item | Select-Object $OutputFields))
}
}
}
}
$List | Out-File C:\Users\cbruehwiler\Desktop\PermissionCheck.txt
您可以使用每次访问的 IsInherited
值将其过滤掉。
if($Right.IsInherited -eq $false){
//do stuff
}
我想知道是否有一种简单的方法可以列出一个文件夹及其所有子文件夹的权限,但是一旦从上面的文件夹继承了权限,它就不应该列出该文件夹,因为那样我的列表就会太大。我有一些检查文件夹权限的工作方法代码,但现在,它还列出了具有继承权限的文件夹。
$User = "Testumgebung\cbruehwiler"
$UserOhneDomain = "cbruehwiler"
$Path = "T:\"
$List = New-Object System.Collections.Generic.List[System.Object]
$Groups = Get-ADPrincipalGroupMembership $UserOhneDomain
$GroupArrayList = New-Object System.Collections.ArrayList
foreach ($Group in $Groups) {
$GroupArrayList.Add($Group.Name) | Out-Null
}
# Fields we want in list, an array of calculated properties.
$OutputFields = @(
@{name="Item" ; expression={$_.Path.split(':',3)[-1]}}
@{name="Rights" ; expression={$Right.FileSystemRights}}
@{name="AccessType" ; expression={$Right.AccessControlType}}
@{name="From" ; expression={$User}}
)
$FileSystemObjects = Get-ChildItem $Path -Recurse | ForEach-Object {Get-Acl $_.FullName}
foreach ($Item in $FileSystemObjects) {
foreach ($Right in $Item.Access) {
if ($Right.IdentityReference -eq $User) {
$List.Add(($Item | Select-Object $OutputFields))
}
}
}
foreach ($Item in $FileSystemObjects) {
foreach ($Right in $Item.Access) {
foreach ($GroupArrayItem in $GroupArrayList){
if ($Right.IdentityReference -eq ("TESTUMGEBUNG\" + $GroupArrayItem)) {
$List.Add(($Item | Select-Object $OutputFields))
}
}
}
}
$List | Out-File C:\Users\cbruehwiler\Desktop\PermissionCheck.txt
您可以使用每次访问的 IsInherited
值将其过滤掉。
if($Right.IsInherited -eq $false){
//do stuff
}