Ran into an instance where a client needed to know what folder(s) a user had implicit access to. They were in a scenario where folders were managed internally and users (not groups) were granted access to specific folders.
The server is a Windows 2008 Standard server.
I ran powershell and then CD'd to the appropriate folder.
dir -Recurse | where { $_.PsIsContainer } | % { $path1 = $_.fullname; Get-Acl $_.Fullname | % { $_.access | where { !$_.IsInherited -and $_.IdentityReference -like "*username*" } | Add-Member -MemberType NoteProperty -name "Path" -Value $path1 -passthru }}
[ replace "username" with a fully qualified path ie "bsmith" ]
This pulls back a list of all the folders the user has access to. It skips the inherited permissions.
The result came back with a ton of data, so I exported it to a CSV
dir -Recurse | where { $_.PsIsContainer } | % { $path1 = $_.fullname; Get-Acl $_.Fullname | % { $_.access | where { !$_.IsInherited -and $_.IdentityReference -like "*username*" } | Add-Member -MemberType NoteProperty -name "Path" -Value $path1 -passthru }} | export-csv "exportfilename"
[ replace "exportfilename" with a fully qualified path ie "C:\TEMP\output.csv" ]
You can also remove the username limit to get implicit permissions for all users (this exports to CSV)
dir -Recurse | where { $_.PsIsContainer } | % { $path1 = $_.fullname; Get-Acl $_.Fullname | % { $_.access | where { !$_.IsInherited } | Add-Member -MemberType NoteProperty -name "Path" -Value $path1 -passthru }} | export-csv "exportfilename"
Thanks to Neothwin for the tip.
Contact Us Chickenlip Consulting Corp. is now running a virtual office!
T: 780-456-6625 info@chickenlip.com www.chickenlip.com