I have a PS script that will return NTFS ACLs if an individual user is assigned. It works well until I hit a path exceeding 260 characters. I've found a lot of information on the path-too-long problem and some workarounds, but I'm struggling to integrate a solution into my script. Any suggestions?
Thanks!
$DateStart = Get-Date
$Path = "E:\"
$PermittedOU1 = "OU=Groups,dc=chiba,dc=localt"
$PermittedOU3 = "OU=System Accounts,OU=Accounts,dc=chiba,dc=local"
# Groups and system accounts that are allowed to appear on an ACL
$PermittedACL1 = get-adgroup -Filter * -SearchBase $PermittedOU1
$PermittedACL3 = get-aduser -Filter * -SearchBase $PermittedOU3
# Full path (as a string) of every folder under $Path
$ObjectPathItem = Get-ChildItem -path $Path -Recurse | where-object {$_.PsIsContainer} | ForEach-Object -process { $_.FullName }
$howmany=0
$Logfilename = "C:\Users\administrator\Documents\$(get-date -f yyyy-MM-dd-hh-mm).csv"
Add-Content $Logfilename "$DateStart`n"
$totalfolders=0
$i=0
# Count the folders first so the progress bar can show a percentage
ForEach ($Folder in $ObjectPathItem)
{
    $totalfolders++
}
Foreach ($Folder in $ObjectPathItem)
{
    $ObjectACL = Get-ACL -Path $Folder
    $i++
    $howmany=0
    Write-Progress -id 1 -Activity "Folder Recursion" -status "Folders Traversed: " -PercentComplete (($i / $totalfolders) * 100)
    Foreach ($ACL in $ObjectACL.access)
    {
        $ACLstring = $ACL.identityreference.Value
        $ACLstring = $ACLstring.Replace("CHIBA\","")
        # Log every ACL entry whose identity is not in the permitted lists
        if (($ACLstring -notin $PermittedACL1.name)`
            -and ($ACLstring -notin $PermittedACL3.SamAccountName)`
            -and ($ACLstring -notin "NT AUTHORITY\SYSTEM") `
            -and ($ACLstring -notin "BUILTIN\Administrators") `
            -and ($ACLstring -notin "CREATOR OWNER"))
        {
            $newline = "`"$Folder`"" + "," + "$ACLString"
            Add-Content $Logfilename "$newline"
            $howmany+=1
        }
        else {
            $howmany+=1
        }
    }
}
$DateEnd = Get-Date
Add-Content $Logfilename "`n`n$DateEnd"
One option you can usually use is to create a mapped drive using New-PSDrive. Something like:
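Try{
    # -ErrorAction Stop turns a failed lookup into a terminating error so the Catch block runs
    $ObjectACL = Get-ACL -Path $Folder -ErrorAction Stop
}
Catch{
    # $Folder is the full path string produced by the question's Get-ChildItem pipeline
    # Find the last backslash before the 200th character and split the path there
    $SubPathLength = $Folder.Substring(0,200).LastIndexOf('\')
    $NewTempPath = $Folder.SubString(0,$SubPathLength)
    # Map a temporary drive at the shortened root and read the ACL through it
    New-PSDrive -Name Temp4ACL -PSProvider FileSystem -Root $NewTempPath | Out-Null
    $ObjectACL = Get-ACL "Temp4ACL:$($Folder.SubString($SubPathLength,$Folder.Length-$SubPathLength))"
    # Remove the drive so the name is free for the next long path in the loop
    Remove-PSDrive -Name Temp4ACL
}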
That will find the last \ before the 200th character in the path, grab a substring of the full path up to the end of that folder's name and create a temp drive of it, then get the ACL based off the temp drive and the remaining path. So this path:
C:\Temp\Subfolder\Really Long Folder Name\Another Subfolder\ABCDEFGHIJKLMNOPQRSTUVWXYZ\We Are Really Pushing It Now\Im Running Out Of Folder Name Ideas\Hello My Name Is Inigo Montoya\You Killed My Father Prepare To Die\ReadMe.txt
Gets cut at the second to last backslash. I would end up getting the ACL from:
Temp4ACL:\You Killed My Father Prepare To Die\ReadMe.txt
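One way to fold the temp-drive workaround from the answer into the question's loop, as an added example that is not part of the original posts: it guards the short-path case where Substring(0,200) would throw and always removes the drive again. Split-LongPath and Get-AclViaTempDrive are hypothetical helper names; the 200-character cut and the Temp4ACL drive name follow the answer.

```powershell
# Added example; Split-LongPath and Get-AclViaTempDrive are hypothetical helper names.
function Split-LongPath {
    param([string]$FullPath, [int]$Limit = 200)
    # Short paths need no split, and Substring(0, $Limit) would throw on them.
    if ($FullPath.Length -le $Limit) { return $null }
    $cut = $FullPath.Substring(0, $Limit).LastIndexOf('\')
    # A cut at the drive root (e.g. "E:") shortens nothing, so give up.
    if ($cut -lt 3) { return $null }
    [pscustomobject]@{
        Root      = $FullPath.Substring(0, $cut)  # root of the temporary drive
        Remainder = $FullPath.Substring($cut)     # rest of the path, starts with '\'
    }
}

function Get-AclViaTempDrive {
    param([string]$FullPath)
    try {
        return Get-Acl -LiteralPath $FullPath -ErrorAction Stop
    }
    catch {
        $parts = Split-LongPath -FullPath $FullPath
        if (-not $parts) { throw }  # not a length problem: rethrow the original error
        $name = 'Temp4ACL'
        try {
            New-PSDrive -Name $name -PSProvider FileSystem -Root $parts.Root -ErrorAction Stop | Out-Null
            return Get-Acl -LiteralPath "${name}:$($parts.Remainder)" -ErrorAction Stop
        }
        finally {
            # Release the drive every time so the next long path can reuse the name.
            Remove-PSDrive -Name $name -ErrorAction SilentlyContinue
        }
    }
}

# The sample path from the answer above, split without touching the file system.
$sample = 'C:\Temp\Subfolder\Really Long Folder Name\Another Subfolder\ABCDEFGHIJKLMNOPQRSTUVWXYZ\We Are Really Pushing It Now\Im Running Out Of Folder Name Ideas\Hello My Name Is Inigo Montoya\You Killed My Father Prepare To Die\ReadMe.txt'
Split-LongPath -FullPath $sample | Format-List
```

In the question's loop, `$ObjectACL = Get-ACL -Path $Folder` becomes `$ObjectACL = Get-AclViaTempDrive -FullPath $Folder`. For a permissions audit, wrap that call in its own try/catch and write the folder to the CSV as unreadable, so that paths the script could not read are not mistaken for clean ones.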