我写了2个函数(不是直接来自我),它创建了一个带有文件夹ACL的文件。 First函数创建一个带有max的文件夹List。深度参数 第二个函数根据第一个函数
的输出创建一个输出文件,其中包含每个文件夹的ACL欢迎使用代码或语法增强功能/ bugrixe。 抱歉我的英文不好!
输出示例:
Path : D:\pub\
AccessToString :
NT-AUTORITÄT\Authentifizierte Benutzer Allow ReadAndExecute, Synchronize
Domain\Group_Sales_RW Allow Modify, Synchronize
Domain\User4711 Allow Modify, Synchronize
NT-AUTORITÄT\SYSTEM Allow FullControl
VORDEFINIERT\Administratoren Allow FullControl
Domain\Administrator Allow FullControl
2个功能:
function ListSubDir {
<#
.Synopsis
Lists Subfolders
.Description
Lists Subfolders
.Example
ListSubDir -Searchpath "D:" -Depth "2"
#>
param ( $Searchpath=$env:USERPROFILE,
$Depth=2 )
if ($Depth -gt 0) {
GCI $Searchpath -ea SilentlyContinue |Where-Object {$_.psiscontainer} | % { ListSubDir -Searchpath $_.fullname -Depth ($Depth-1)
return $_ }
}
}
function Get-DirectoryRights {
<#
.Synopsis
.Description
Exports Direcory ACLs to a .txt File
.Example
Foreach ($Path in (GCI "D:\Users" -recurse -ea SilentlyContinue | where {$_.psiscontainer})) {get-directoryrights -Searchpath $Path.fullname -output "d:\ACL-Log.txt"}
.Example
#>
param ( $Searchpath="$ENV:Userprofile",
$Output="$Env:Temp\AusgabeACL.txt",
$XMLTemp="$env:temp\acldata.xml")
$Folder= $Searchpath | Get-ACL -ea SilentlyContinue
$Folder| Select @{Name=”Path”;Expression={$_.PSPath.Substring($_.PSPath.IndexOf(“:”)+2) }},Owner,Access,AccessToString,@{Name=”Reported”;Expression={(Get-Date).ToShortDateString()}}, @{Name=”Computername”;Expression={$env:computername}} | Export-Clixml $XMLTemp
$acl = Import-Clixml $XMLTemp
$acl | where {$_.access } | format-list path,AccessToString | out-file $Output -append
}
当前函数调用:
$Folderlist= ListSubDir -Searchpath d:\pub -Depth 2
Get-directoryrights -Searchpath $Folderlist.fullname -Output D:\ausgabe.txt
为了简化文件服务器管理,我们希望消除所有特定于用户的AC,并通过组ACL替换它们。 当前输出看起来很好,但是可以仅列出特定用户/或OU成员所在的文件夹?
例如:使用第三个函数,我想列出用字符“w01”开头的用户名(W01代表site01 - &gt;我们的总部)并将它们传递给其他函数以仅获取文件夹给予用户权利,如:
Path : D:\pub\
AccessToString :
Domain\W01Username Allow Modify, Synchronize
第三个功能:
function GetADUser {
<#
.Description
List AD User Details
.Example
getaduser -SearchString "w01*"
#>
param ( $Searchbase = "OU=_Benutzer,DC=Vogler-GMBH,DC=com",
$SearchString = "*"
)
get-aduser -Filter 'SamAccountName -like $Searchstring -or Givenname -like $Searchstring' -SearchBase $Searchbase | select *
}
答案 0 :(得分:2)
通常,您应该避免将函数输出到文件。让它输出一个对象,然后你可以格式化并输出该对象到文件中。这种情况就是一个很好的例子。稍微改变你的脚本并将其输出到对象。我还添加了一点点来过滤用户。看看这个:
function Get-DirectoryRights {
<#
.Synopsis
.Description
Exports Direcory ACLs (optionally filters for a user name)
.Example
Foreach ($Path in (GCI "D:\Users" -recurse -ea SilentlyContinue | where {$_.psiscontainer})) {get-directoryrights -Searchpath $Path.fullname -UserFilter "JDoe"}
.Example
#>
param ( $Searchpath="$ENV:Userprofile",
$UserFilter )
if($UserFilter){
$Searchpath | Get-ACL -ea SilentlyContinue | Where {($_.Access|select -ExpandProperty IdentityReference) -match $UserFilter} | Select @{Name=”Path”;Expression={$_.PSPath.Substring($_.PSPath.IndexOf(“:”)+2) }},Owner,Access,AccessToString,@{Name=”Reported”;Expression={(Get-Date).ToShortDateString()}}, @{Name=”Computername”;Expression={$env:computername}}
}else{
$Searchpath | Get-ACL -ea SilentlyContinue | Where {$_.Access} | Select @{Name=”Path”;Expression={$_.PSPath.Substring($_.PSPath.IndexOf(“:”)+2) }},Owner,Access,AccessToString,@{Name=”Reported”;Expression={(Get-Date).ToShortDateString()}}, @{Name=”Computername”;Expression={$env:computername}}
}
}
然后你会像你一样运行它,但你会格式化并将其输出到函数之外。
$Folderlist= ListSubDir -Searchpath d:\pub -Depth 2
Get-directoryrights -Searchpath $Folderlist.fullname |FL Path,AccessToString | Out-File D:\ausgabe.txt
如果您要过滤以W01开头的域用户,您可以执行以下操作:
Get-DirectoryRights -Searchpath $Folderlist.fullname -UserFilter "YourDomainName\W01" |FL Path,AccessToString | Out-File D:\ausgabe.txt