Tuesday, June 27, 2017{ Blog} Login
Blog
  

Powershell ACL's to find who has folder structure implicit permissions

Posted by: Michael Yereniuk on 6/26/2014

Ran into an instance where a client needed to know what folder(s) a user had implicit access to. They were in a scenario where folders were managed internally and users (not groups) were granted access to specific folders.

The server is a Windows 2008 Standard server.

I ran powershell and then CD'd to the appropriate folder.

dir -Recurse | where { $_.PsIsContainer } | % { $path1 = $_.fullname; Get-Acl $_.Fullname | % { $_.access | where { !$_.IsInherited -and $_.IdentityReference -like "*username*" } | Add-Member -MemberType NoteProperty -name "Path" -Value $path1 -passthru }}

[ replace "username" with a fully qualified path ie "bsmith" ]

This pulls back a list of all the folders the user has access to. It skips the inherited permissions.

The result came back with a ton of data, so I exported it to a CSV

dir -Recurse | where { $_.PsIsContainer } | % { $path1 = $_.fullname; Get-Acl $_.Fullname | % { $_.access | where { !$_.IsInherited -and $_.IdentityReference -like "*username*" } | Add-Member -MemberType NoteProperty -name "Path" -Value $path1 -passthru }} | export-csv "exportfilename"

[ replace "exportfilename" with a fully qualified path ie "C:\TEMP\output.csv" ]

You can also remove the username limit to get implicit permissions for all users (this exports to CSV)

dir -Recurse | where { $_.PsIsContainer } | % { $path1 = $_.fullname; Get-Acl $_.Fullname | % { $_.access | where { !$_.IsInherited } | Add-Member -MemberType NoteProperty -name "Path" -Value $path1 -passthru }} | export-csv "exportfilename"

Thanks to Neothwin for the tip.

 

Create a trackback from your own site.

0 Comments

Leave A Comment



CAPTCHA image
Please enter the CAPTCHA phrase above.



Recent Comments
  
No Recent Comments Were Found

Contact Us

Chickenlip Consulting Corp.
is now running a virtual office!

T: 780-456-6625

info@chickenlip.com
www.chickenlip.com