使用Powershell进行NTFS审计

时间:2013-03-13 20:15:07

标签: powershell permissions ntfs

基本上我有以下脚本生成如下NTFS输出:

Folder Path   IdentityReference    AccessControlType     IsInherited        InheritanceFlags    PropagationFlags
E:\Folder\    DOMAIN\User1         Allow                 True/False         ContainerInherit     Object Inherit
E:\Folder\    DOMAIN\User2         Deny                  True/False         ContainerInherit     Object Inherit

虽然这很有用,但如果不仅仅Allow/Deny我可以得到一个表示Read/Write/Modify/FullControl标志的输出,那就更好了。

请参阅下面的代码,我们非常感谢您的任何想法!

$OutFile = "C:\Permissions.csv"
$Header = "Folder Path,IdentityReference,AccessControlType,IsInherited,InheritanceFlags,PropagationFlags"
Del $OutFile
Add-Content -Value $Header -Path $OutFile 

$RootPath = "E:\Folder"

$Folders = dir $RootPath -recurse | where {$_.psiscontainer -eq $true}

foreach ($Folder in $Folders){
    $ACLs = get-acl $Folder.fullname | ForEach-Object { $_.Access  }
    Foreach ($ACL in $ACLs){
    $OutInfo = $Folder.Fullname + "," + $ACL.IdentityReference  + "," + $ACL.AccessControlType + "," + $ACL.IsInherited + "," + $ACL.InheritanceFlags + "," + $ACL.PropagationFlags
    Add-Content -Value $OutInfo -Path $OutFile
    }}

2 个答案:

答案 0 :(得分:2)

您正在寻找的属性是$ACL.FileSystemRights

$Header = "Folder Path,IdentityReference,AccessControlType,IsInherited," +
          "InheritanceFlags,PropagationFlags,FileSystemRights"

#...

$OutInfo = $Folder.Fullname + "," + $ACL.IdentityReference  + "," +
           $ACL.AccessControlType + "," + $ACL.IsInherited + "," +
           $ACL.InheritanceFlags + "," + $ACL.PropagationFlags + "," +
           $ACL.FileSystemRights

答案 1 :(得分:2)

对于那些希望将其包含在函数中的人,请尝试:

Function Get-FolderPermissions {
 Param($FolderPath)

If(-not (Test-Path $FolderPath)){

    Write-Warning "$FolderPath not valid!"
    return

}

$FolderPath = $(Get-Item $FolderPath).fullname

$ACLs = Get-Acl $FolderPath | ForEach-Object { $_.Access  }

$ACLs | Select-Object @{n='FolderPath';e={$FolderPath}}, IdentityReference, AccessControlType, IsInherited, InheritanceFlags, PropagationFlags, FileSystemRights


}

然后您可以像这样导出到CSV:

Get-FolderPermissions 'C:\Folder' | Export-Csv 'C:\Results.csv' -NoTypeInfo

来自父文件夹的多个文件夹:

$Folders = Get-ChildItem 'C:\Folder' -recurse | where {$_.psiscontainer -eq $true}
$Folders | %{ Get-FolderPermissions $_.FullName } | Export-Csv 'C:\Results.csv' -NoTypeInfo
相关问题
最新问题