
Using Get-ACL to get file share permissions


I have the following script which, based on the path given, reports the present folder and recurses one level to get any child folder permissions.

    # Build the target path: local folder, or UNC path on a remote computer
    if ($ComputerName -eq '.'){
        $Path = $Folder
    }

    else {
        $Path = "\\$ComputerName\$Folder"
    }

    # ACLs of the items inside $Path and of the contents of each subfolder
    if ($OutputFile){
        gci $Path|%{if($_.PSIsContainer){GCI $_.FullName|get-acl};$_|get-acl}| sort PSParentPath| Select-Object @{Name="Path";Expression={$_.PSPath.Substring($_.PSPath.IndexOf(":")+2) }},@{Name="Type";Expression={$_.GetType()}},Owner -ExpandProperty Access | Export-CSV $OutputFile -NoType
    }

    else{
        gci $Path|%{if($_.PSIsContainer){GCI $_.FullName|get-acl};$_|get-acl}|sort PSParentPath| Select-Object @{Name="Path";Expression={$_.PSPath.Substring($_.PSPath.IndexOf(":")+2) }},@{Name="Type";Expression={$_.GetType()}},Owner -ExpandProperty Access | FT -Auto
    }

I'm having an issue in that I'm not getting the permissions of the actual share. For example, assume my path was \\Server\share\folder1\folder2\folder3. I would want to get permissions for share and folder1; however, when I run this I instead get the contents inside of share and one level beyond that.


Solution

  • The problem is that the very first thing you do is get the contents of $Path, and get the ACLs for all of the contents, and if it's a folder you get the ACLs of the contents of those folders, but you never actually get the ACL of $Path itself. I think what you want to do is:

    if ($ComputerName -eq '.'){
        $Path = $Folder
    }
    
    else {
        $Path = "\\$ComputerName\$Folder"
    }
    
    $Output = @()
    $Output += get-acl $Path
    $Output += GCI $Path | ?{$_.PSIsContainer} | Get-ACL
    
    if ($OutputFile){
        $Output | sort PSParentPath| Select-Object @{Name="Path";Expression={$_.PSPath.Substring($_.PSPath.IndexOf(":")+2) }},@{Name="Type";Expression={$_.GetType()}},Owner -ExpandProperty Access | Export-CSV $OutputFile -NoType
    }
    
    else{
        $Output | sort PSParentPath| Select-Object @{Name="Path";Expression={$_.PSPath.Substring($_.PSPath.IndexOf(":")+2) }},@{Name="Type";Expression={$_.GetType()}},Owner -ExpandProperty Access | FT -Auto
    }
    

    That will create an array to store the ACLs. Then it gets the ACL for $Path and stores it in the array, and then it gets the ACLs for all the folders within $Path and adds that to the array as well, and then it outputs it like you wanted it to.
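
Added example, not part of the original answer or the asker's script: `Get-Acl` on a UNC path returns the NTFS ACL of the folder behind the share, while share-level permissions are stored separately and need their own query. The function below reports the folder itself and its immediate subfolders, one row per ACE, and optionally the share permissions via `Get-SmbShareAccess` (SmbShare module, Windows 8 / Server 2012 and later); the function name, the `-ShareName` parameter and the output columns are assumptions.

```powershell
# Added example; function, parameter and column names are hypothetical.
function Get-FolderAclReport {
    [CmdletBinding()]
    param(
        [string]$ComputerName = '.',
        [Parameter(Mandatory)][string]$Folder,
        [string]$ShareName   # optional: also report share-level permissions
    )
    # Same path logic as the script above: local path or UNC path.
    $Path   = if ($ComputerName -eq '.') { $Folder } else { "\\$ComputerName\$Folder" }
    $Server = if ($ComputerName -eq '.') { $env:COMPUTERNAME } else { $ComputerName }

    # The folder itself first, then its immediate subfolders (directories only).
    $targets  = @(Get-Item -LiteralPath $Path -ErrorAction Stop)
    $targets += Get-ChildItem -LiteralPath $Path -Directory

    foreach ($item in $targets) {
        try { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop }
        catch {
            # Surface folders whose ACL cannot be read instead of dropping them.
            Write-Warning "Cannot read ACL of $($item.FullName): $($_.Exception.Message)"
            continue
        }
        foreach ($ace in $acl.Access) {
            [pscustomobject]@{
                Layer = 'NTFS'; Path = $item.FullName; Owner = $acl.Owner
                Identity = $ace.IdentityReference.Value
                Rights = $ace.FileSystemRights.ToString(); Type = $ace.AccessControlType.ToString()
                Inherited = $ace.IsInherited
            }
        }
    }

    if ($ShareName) {
        # Share permissions live in the SMB server configuration, not in the NTFS ACL.
        $smbArgs = @{ Name = $ShareName }
        if ($ComputerName -ne '.') { $smbArgs.CimSession = $ComputerName }
        foreach ($entry in Get-SmbShareAccess @smbArgs) {
            [pscustomobject]@{
                Layer = 'Share'; Path = "\\$Server\$ShareName"; Owner = $null
                Identity = $entry.AccountName
                Rights = $entry.AccessRight.ToString(); Type = $entry.AccessControlType.ToString()
                Inherited = $null
            }
        }
    }
}
# Usage (constructed names):
# Get-FolderAclReport -ComputerName Server -Folder share -ShareName share | Export-Csv report.csv -NoTypeInformation
```

Access through the share is limited by both layers, so a permissive NTFS ACL on the share root can still be narrowed by the share permissions, and the reverse.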