我正在尝试使用Get-ACL
函数扫描目录中的子文件夹。我正在修改我在这里找到的工作脚本,它将输出转换为.csv
文件。如果我能得到输出,那么每行包含 所有 每个文件夹的IdentityReference
值会很棒。但是,我的最佳尝试导致此错误:
方法调用失败,因为[System.Security.Principal.NTAccount]不包含名为“op_Addition”的方法。
以下是代码:
$OutFile = "C:\Admin\Permissions.csv"
$Header = "FolderPath,IdentityReference,AccessControlType,IsInherited,InheritanceFlags,PropagationFlags"
Del $OutFile
Add-Content -Value $Header -Path $OutFile
$RootPath = "I:\Users\ES"
$Folders = GCI $RootPath\* | where {$_.psiscontainer -eq $true}
foreach ($Folder in $Folders){
$ACLs = get-acl $Folder.fullname | ForEach-Object { $_.Access }
Foreach ($ACL in $ACLs){
$OutIR = $ACL.IdentityReference
$OutIR += ","
}
$OutInfo = $Folder.Fullname + "," + $OutIR + "," + $ACL.AccessControlType + "," + $ACL.IsInherited + "," + $ACL.InheritanceFlags + "," + $ACL.PropagationFlags
Add-Content -Value $OutInfo -Path $OutFile
}
我尝试使用变量$OutIR
来捕获所有IdentityReferences
,然后在结尾处将$OutIR
添加到结果中。将列出每个文件夹并在同一行上显示所有IdentityReference
。
更新的>非常感谢所有帮助到目前为止!这两个代码都很有效(真棒!),但我真的想调整输出。顺便说一句,这是我第一次在这里寻求帮助,让真正的脚本人员真正看到它真棒!
我在Windows 2012 R2计算机上使用Powershell 4.0。
我得到的输出示例是:
"I:\Users\ES\aalvarez","NT AUTHORITY\SYSTEM","Allow","False","ContainerInherit, ObjectInherit","None"
"I:\Users\ES\aalvarez","BUILTIN\Administrators","Allow","False","ContainerInherit, ObjectInherit","None"
"I:\Users\ES\aalvarez","XXX\aralvare","Allow","False","ContainerInherit, ObjectInherit","None"
我想要的输出是:
"I:\Users\ES\aalvarez","NT AUTHORITY\SYSTEM","BUILTIN\Administrators","XXX\aralvare","Allow","False","ContainerInherit, ObjectInherit","None"
我的想法是,我可以将1000多名用户放在电子表格中,并快速比较他们的文件夹ACL。再次感谢!
答案 0 :(得分:1)
你没有得到你期望的结果,因为你正在使用该循环的外的循环变量。
改变这个:
foreach ($Folder in $Folders){
$ACLs = get-acl $Folder.fullname | ForEach-Object { $_.Access }
Foreach ($ACL in $ACLs){
$OutIR = $ACL.IdentityReference
$OutIR += ","
}
$OutInfo = $Folder.Fullname + "," + $OutIR + "," + $ACL.AccessControlType +
"," + $ACL.IsInherited + "," + $ACL.InheritanceFlags +
"," + $ACL.PropagationFlags
Add-Content -Value $OutInfo -Path $OutFile
}
进入这个:
$Folders | % {
$fpath = $_.FullName
Get-Acl $fpath | select -Expand Access | % {
$fpath + "," + $_.IdentityReference + "," + $_.AccessControlType + "," +
$_.IsInherited + "," + $_.InheritanceFlags + "," + $_.PropagationFlags
}
} | Add-Content -Path $OutFile
由于您要创建以逗号分隔的输出,因此可以使用ConvertTo-Csv
cmdlet和文件夹名称的计算属性完全避免手动字符串连接:
$Folders | % {
$fpath = $_.FullName
Get-Acl $fpath | select -Expand Access |
select @{n='FolderName';e={$fpath}}, IdentityReference, AccessControlType,
IsInherited, InheritanceFlags, PropagationFlags
} | ConvertTo-Csv -NoType | select -Skip 1 | Add-Content -Path $OutFile
如果您不介意标题行,您也可以直接将数据导出为CSV:
$Folders | % {
...
} | Export-Csv $OutFile -NoType
答案 1 :(得分:0)
我看到mjolinor已经发表评论,他可能有更好的东西,因为他很棒,但如果是我的话,这就是我想要的。我喜欢有一个对象可以处理所有的事情,如果我想稍后查询它我会让它重新开始。然后我们可以将它导出为CSV,而不是像你一样以一种艰难的方式构建一个。
这是代码:
$OutFile = "C:\Admin\Permissions.csv"
$ACLList =@()
Del $OutFile
$RootPath = "I:\Users\ES"
$Folders = GCI $RootPath\* | where {$_.psiscontainer -eq $true}
foreach ($Folder in $Folders){
$ACLs = get-acl $Folder.fullname | ForEach-Object { $_.Access }
Foreach ($ACL in $ACLs){
$OutInfo = New-Object -TypeName psobject -Property @{
FolderPath = $Folder.Fullname
IdentityReference = $ACL.IdentityReference.ToString()
AccessControlType = $ACL.AccessControlType.ToString()
IsInherited = $ACL.IsInherited
InheritanceFlags = $ACL.InheritanceFlags
PropagationFlags = $ACL.PropagationFlags}
$ACLList+=$OutInfo
}
}
$ACLList|select FolderPath,IdentityReference,AccessControlType,IsInherited,InheritanceFlags,PropagationFlags|export-csv C:\temp\Permissions.csv -NoTypeInformation