For what it is worth, I used custom fields with "get-ace" to make the
permissions more readable:
dir "$folderpath" | where { $_.Attributes -match 'Directory' } |
    where { $_.Name -eq "$subfolder" } | get-ace |
    Format-table Account, @{ label = "AccessRights"; Expression = {
        $f = $_.AccessRights; $a = $_.InheritanceFlags
        if ($f -eq 'ReadAndExecute, Synchronize' -and $a -eq 'ContainerInherit') { 'List Folder Contents' }
        elseif ($f -eq 'Modify, Synchronize') { 'Modify' }
        elseif ($f -eq 'ReadAndExecute, Synchronize' -and $a -eq 'ObjectInherit, ContainerInherit') { 'ReadAndExecute' }
        else { $_.AccessRights }
    } }, IsInherited -auto
In this example I am returning "List Folder Contents" and "ReadAndExecute".
*Note* The "List Folder Contents" is tricky since it depends on the inheritance
setting as well.
--
Kevin Kelly
Director, Network Technology
Whitman College
----- Original Message -----
From: "Michael B. Smith" <[email protected]>
To: [email protected]
Sent: Tuesday, March 25, 2014 10:09:35 AM
Subject: [NTSysADM] RE: Powershell Tip using get-ace for a share permission
You need a .ToString() in there.
$UniqueShare.AccessRights.ToString()
From: [email protected] [mailto:[email protected]] On
Behalf Of Kuhlman, Donald
Sent: Tuesday, March 25, 2014 1:01 PM
To: [email protected]
Subject: [NTSysADM] Powershell Tip using get-ace for a share permission
· Hi folks. Long time no post…I’m on a new gig and re-subscribed using the
email address from here.
· I can’t find the PowerShell info for the IT-Forum groups so I didn’t post
there yet. I’ve been googling and checking other sources also, but can’t seem
to get this to work with what I’ve found.
· Anyway, I'm working on a script to pull a server inventory including shares,
share permissions, and other entries and any tip on what may work better or
instead of would be really appreciated.
I'm able to retrieve the share and ace entries, but when I try to write them to
an Excel sheet, they aren't coming over with the human readable value like
“Read and execute”. I can output the info to the screen. I've tried to use a
Switch command like this but it doesn't work -
# Switch($UniqueShare.AccessRights)
# {
# 1179817 {$Sheet1.Cells.Item($intRowShare, 7) = "ReadAndExecute"}
# }
Below is a code snip showing what I'm doing:
$strComputer = read-host "Enter computer name "
$strComputerDelim = "\\" + $strComputer
$sharelist = get-wmiobject win32_share -ComputerName $strComputer
foreach ($share in $sharelist)
{
    $ShareAceName = $strComputerDelim + "\" + $share.Name
    $ShareAceDetails = get-ace -path $ShareAceName
    foreach ($ShareAce in $ShareAceDetails)
    {
        foreach ($UniqueShare in $ShareAce)
        {
            #Populate Shares Sheet (This is only a code snippet)
            write-host $UniqueShare.AccessRights
            $Sheet1.Cells.Item($intRowShare, 7) = $UniqueShare.AccessRights
            $Sheet1.Cells.Item($intRowShare, 8) = $ShareAceDetails.AccessControlType
            $intRowShare = $intRowShare + 1
        }
    }
    $intRowShare = $intRowShare + 1
}
Results on screen are like this for the Permissions:
ReadAndExecute, Synchronize
FullControl
ReadAndExecute, Synchronize
ReadAndExecute, Synchronize
GenericExecute, GenericRead
ReadAndExecute, Synchronize
Results in the sheet are like this:
Permission
1179817
Thanks,
Don K
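
The conversion discussed in this thread, as an added example that is not part of the original messages: it turns a raw access mask such as 1179817 into the text seen on screen, then applies the same inheritance-dependent labels as the custom field in the first reply. It uses the .NET System.Security.AccessControl enums rather than get-ace; the function name Convert-AccessMask and the sample masks are constructed for illustration.

```powershell
# Added example: Convert-AccessMask is a hypothetical helper, not part of get-ace.
function Convert-AccessMask {
    param(
        [Parameter(Mandatory)] [int64] $Mask,
        [System.Security.AccessControl.InheritanceFlags] $InheritanceFlags = 'None'
    )
    # Treat the value as an unsigned 32-bit mask (a negative Int32 means the top bit is set).
    $m = $Mask -band 4294967295

    # Generic rights are not members of FileSystemRights, so peel them off first.
    # Decimal literals are used because PowerShell parses 0x80000000 as a negative Int32.
    $generic = [ordered]@{
        GenericAll     = 268435456     # 0x10000000
        GenericExecute = 536870912     # 0x20000000
        GenericWrite   = 1073741824    # 0x40000000
        GenericRead    = 2147483648    # 0x80000000
    }
    $names = @()
    foreach ($g in $generic.GetEnumerator()) {
        if ($m -band $g.Value) {
            $names += $g.Key
            $m = $m -band (-bnot [int64]$g.Value)
        }
    }
    # The remaining bits map onto the enum; ToString() yields the flag names.
    if ($m) { $names += ([System.Security.AccessControl.FileSystemRights][int]$m).ToString() }
    $text = $names -join ', '

    # Friendly labels, following the mapping used in the first reply of this thread.
    if ($text -eq 'ReadAndExecute, Synchronize' -and $InheritanceFlags -eq 'ContainerInherit') {
        'List Folder Contents'
    } elseif ($text -eq 'Modify, Synchronize') {
        'Modify'
    } elseif ($text -eq 'ReadAndExecute, Synchronize' -and $InheritanceFlags -eq 'ObjectInherit, ContainerInherit') {
        'ReadAndExecute'
    } else { $text }
}

# Constructed sample values (not taken from a real server).
$samples = @(
    @{ Mask = 1179817;     Inherit = 'ContainerInherit' },
    @{ Mask = 1179817;     Inherit = 'ContainerInherit, ObjectInherit' },
    @{ Mask = 1245631;     Inherit = 'None' },
    @{ Mask = 2032127;     Inherit = 'None' },
    @{ Mask = -1610612736; Inherit = 'None' }
)
foreach ($s in $samples) {
    [pscustomobject]@{ Mask = $s.Mask; Rights = Convert-AccessMask -Mask $s.Mask -InheritanceFlags $s.Inherit }
}
```

The function returns a plain string, so assigning its result to a spreadsheet cell stores the readable text rather than the enum's underlying integer.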