我正在尝试使用Get-ACL函数在目录中扫描子文件夹。我正在修改我在这里找到的工作脚本,该脚本将输出转换为.csv文件。如果我能获得输出,那么每行都包含 ALL 每个文件夹的IdentityReference值。但是,我的最佳尝试导致此错误:
方法调用失败了,因为[System.Security.Principal.ntaccount]不包含名为" OP_ADDITION"的方法。
这是代码:
$OutFile = "C:AdminPermissions.csv"
$Header = "FolderPath,IdentityReference,AccessControlType,IsInherited,InheritanceFlags,PropagationFlags"
Del $OutFile
Add-Content -Value $Header -Path $OutFile
$RootPath = "I:UsersES"
$Folders = GCI $RootPath* | where {$_.psiscontainer -eq $true}
foreach ($Folder in $Folders){
$ACLs = get-acl $Folder.fullname | ForEach-Object { $_.Access }
Foreach ($ACL in $ACLs){
$OutIR = $ACL.IdentityReference
$OutIR += ","
}
$OutInfo = $Folder.Fullname + "," + $OutIR + "," + $ACL.AccessControlType + "," + $ACL.IsInherited + "," + $ACL.InheritanceFlags + "," + $ACL.PropagationFlags
Add-Content -Value $OutInfo -Path $OutFile
}
我尝试使用变量$OutIR来捕获所有IdentityReferences,然后在末尾将$OutIR添加到结果中。每个文件夹将被列出,并且在同一行中,将显示所有IdentityReference。
更新>非常感谢到目前为止的所有帮助!这两个代码都可以使用(很棒!),但是我真的很想调整输出。顺便说一句,这是我第一次在这里寻求帮助,真是让真正的脚本纸实际看!
我在Windows 2012 R2机器上使用PowerShell 4.0。
我将获得的输出的一个示例是:
"I:UsersESaalvarez","NT AUTHORITYSYSTEM","Allow","False","ContainerInherit, ObjectInherit","None"
"I:UsersESaalvarez","BUILTINAdministrators","Allow","False","ContainerInherit, ObjectInherit","None"
"I:UsersESaalvarez","XXXaralvare","Allow","False","ContainerInherit, ObjectInherit","None"
我想拥有的输出是:
"I:UsersESaalvarez","NT AUTHORITYSYSTEM","BUILTINAdministrators","XXXaralvare","Allow","False","ContainerInherit, ObjectInherit","None"
这个想法是,我可以将1000多种用户放入电子表格中,并快速比较他们的文件夹ACL。再次感谢!
您没有得到预期的结果,因为您使用了该循环的内部循环的循环变量。
更改此内容:
foreach ($Folder in $Folders){
$ACLs = get-acl $Folder.fullname | ForEach-Object { $_.Access }
Foreach ($ACL in $ACLs){
$OutIR = $ACL.IdentityReference
$OutIR += ","
}
$OutInfo = $Folder.Fullname + "," + $OutIR + "," + $ACL.AccessControlType +
"," + $ACL.IsInherited + "," + $ACL.InheritanceFlags +
"," + $ACL.PropagationFlags
Add-Content -Value $OutInfo -Path $OutFile
}进入这个:
$Folders | % {
$fpath = $_.FullName
Get-Acl $fpath | select -Expand Access | % {
$fpath + "," + $_.IdentityReference + "," + $_.AccessControlType + "," +
$_.IsInherited + "," + $_.InheritanceFlags + "," + $_.PropagationFlags
}
} | Add-Content -Path $OutFile
由于要创建逗号分隔的输出,因此可以完全避免使用ConvertTo-Csv CMDLET和该文件夹名称的计算属性:
$Folders | % {
$fpath = $_.FullName
Get-Acl $fpath | select -Expand Access |
select @{n='FolderName';e={$fpath}}, IdentityReference, AccessControlType,
IsInherited, InheritanceFlags, PropagationFlags
} | ConvertTo-Csv -NoType | select -Skip 1 | Add-Content -Path $OutFile
如果您不介意标题线,也可以将数据直接导出到CSV:
$Folders | % {
...
} | Export-Csv $OutFile -NoType
我看到了姆乔利诺(Mjolinor)已经发表了评论,他可能会更好,因为他很棒,但是如果是我,这就是我要做的。我喜欢在说一切时都有一个对象可以使用的对象,以防万一我想稍后询问它。然后,我们可以将其导出到CSV,而不是像您一样艰难的方式构建一个CSV。
- 创建一个空数组。
- 获取您的ACL,然后像您现在一样循环通过它们。
- 为每个ACL创建一个使用您想要的属性在输出文件中的pscustomobject。
- 将该对象添加到您之前制作的数组中。
- 当所有操作完成时,将数组到文件。
这是将执行此操作的代码:
$OutFile = "C:AdminPermissions.csv"
$ACLList =@()
Del $OutFile
$RootPath = "I:UsersES"
$Folders = GCI $RootPath* | where {$_.psiscontainer -eq $true}
foreach ($Folder in $Folders){
$ACLs = get-acl $Folder.fullname | ForEach-Object { $_.Access }
Foreach ($ACL in $ACLs){
$OutInfo = New-Object -TypeName psobject -Property @{
FolderPath = $Folder.Fullname
IdentityReference = $ACL.IdentityReference.ToString()
AccessControlType = $ACL.AccessControlType.ToString()
IsInherited = $ACL.IsInherited
InheritanceFlags = $ACL.InheritanceFlags
PropagationFlags = $ACL.PropagationFlags}
$ACLList+=$OutInfo
}
}
$ACLList|select FolderPath,IdentityReference,AccessControlType,IsInherited,InheritanceFlags,PropagationFlags|export-csv C:tempPermissions.csv -NoTypeInformation