Powershell offers two cmdlets to administer NTFS permissions of files and folders. get-acl and set-acl. Scant cmdlets for all the work of a SysAdmin. Raimund Andrée bring us NTFSSecurity a powershell module you can find in codeplex.
Moreover since version 3.0 of the module, he has implemented the solution of AlphaFS to the problem of Windows with long paths (MAX_PATH limit of 260 characters).
Here you have a script that traverse all subfolders of a given path and finds inheritance blocks and lists explicit permissions.
Moreover since version 3.0 of the module, he has implemented the solution of AlphaFS to the problem of Windows with long paths (MAX_PATH limit of 260 characters).
Here you have a script that traverse all subfolders of a given path and finds inheritance blocks and lists explicit permissions.
Function logging($msg,$color) { $logfile=($laruta -replace ("[\\/:*?<>|]","_")) + "_security.csv" if ($color -eq $null){$color="white"} write-host $msg -fore $color out-file $logfile -input $msg -append } Function leer-acl($ruta) { TRY{$acl=get-access $ruta -excludeinherited -ErrorAction stop if ($acl -ne $null) { logging "Explicit Permisions $ruta" "magenta" $acl|%{ if ($_.isinherited -eq $false){logging "$($_.account.accountname) $($_.accesscontroltype) $($_.accessrights) $ruta"} }#fin ACL }#fin if ACL null } #try -excludeinherited CATCH{WRITE-HOST $_.Exception.Message -FORE YELLOW logging "No se puede acceder $ruta" "red" }#fin del catch }#fin function leer-acl ##main## import-module .\NTFSSecurity if ($args[0] -eq $null) { $laruta=read-host "Path to check NTFS permissions?" } else { $laruta=$args[0] } $inicio=get-date leer-acl $laruta TRY{$carpetas=dir2 $laruta -recurse|?{$_.Attributes -eq "Directory"} -ErrorAction stop} CATCH{logging "Acceso Denegado $ruta" "red"} foreach ($carpeta in $carpetas) { write-host "." -nonewline leer-acl $carpeta.fullname } $fin=get-date $intTimeInterval_H = [int32]($fin - $inicio).hours $intTimeInterval_M = [int32]($fin - $inicio).minutes logging "hora inicio: $inicio" logging "hora fin: $fin" logging "The process has last $intTimeInterval_H hours and $intTimeInterval_M minutes"
Comments
Post a Comment