我被要求写一个脚本,它将接受一个目标,然后输出具有各自权限的文件夹和子文件夹。
我已经得到了我认为是一个工作脚本,但已被告知,他们想要实际的权限类型。这真的可以用Get-ACL
来完成吗?有人能给我指出正确的方向吗?我不知道从哪里开始,也没有太多使用Powershell
的经验。
Add-Type -AssemblyName System.Windows.Forms
$info = ""
$OutputString = ""
$step = 0
$File = "C:GowerFolderPermissions.txt"
function DisplayForm{
$OutputString = ""
#Some GUI Code here taken out for readability
if ($result -eq [System.Windows.Forms.DialogResult]::OK)
{
$baseFolder = $textBox.Text
$folderTest = Test-Path $baseFolder
if($folderTest -eq "True"){
"$baseFolder `r`n" | Out-File $File -Append
Extract-Permissions($baseFolder)
"`r`n`r`n" | Out-File $File -Append
#OutputList
$info = "SAVED TO $File"
"Process complete `r`nFile Located at: $file"
DisplayForm
}else{
$info = "$baseFolder not found"
DisplayForm
}
}
}
function outputList{
$OutputString
}
function Extract-Permissions($baseFolder) {
$folders = Get-ChildItem $baseFolder | Where-Object { $_.PSisContainer }
$baseACL = (Get-Acl $baseFolder).Access | Select-Object -ExpandProperty IdentityReference
"$baseFolder : $baseACL" | Out-File $File -Append
if($folders.Count -ne 0){
foreach($folder in $folders) {
$folderACL = (Get-Acl $folder.FullName).Access | Select-Object -ExpandProperty IdentityReference
$childFolders = Get-ChildItem $folder.FullName | Where-Object { $_.PSisContainer }
"$($folder.FullName) : $folderACL" | Out-File $File -Append
if($childFolders.Count -gt 0){
foreach($childFolder in $childFolders) {
$childACL = (Get-Acl $childFolder.FullName).Access | Select-Object -ExpandProperty IdentityReference
if(Compare-Object $childACL $folderACL) {
Extract-Permissions $childFolder.FullName
} else {
"$($childFolder.FullName) : $childACL" | Out-File $File -Append
}
}
}
}
}
}
DisplayForm
下面的代码将会给我一个看起来像这样的列表:
C:temp : BUILTINAdministrators BUILTINAdministrators NT AUTHORITYSYSTEM NT AUTHORITYSYSTEM BUILTINUsers NT AUTHORITYAuthenticated Users NT AUTHORITYAuthenticated Users
C:tempdu : BUILTINAdministrators BUILTINAdministrators NT AUTHORITYSYSTEM NT AUTHORITYSYSTEM BUILTINUsers NT AUTHORITYAuthenticated Users NT AUTHORITYAuthenticated Users
C:tempGower : BUILTINAdministrators BUILTINAdministrators NT AUTHORITYSYSTEM NT AUTHORITYSYSTEM BUILTINUsers NT AUTHORITYAuthenticated Users NT AUTHORITYAuthenticated Users
C:temppenout : BUILTINAdministrators BUILTINAdministrators NT AUTHORITYSYSTEM NT AUTHORITYSYSTEM BUILTINUsers NT AUTHORITYAuthenticated Users NT AUTHORITYAuthenticated Users
C:tempProjects : NT AUTHORITYSYSTEM DOMAINDomain Users DOMAINTestAdmin
C:tempProjectsA000 - Test0 : DOMAINDomain Users NT AUTHORITYSYSTEM DOMAINTestAdmin
C:tempProjectsA122 - Test12 : DOMAINDomain Users NT AUTHORITYSYSTEM DOMAINTestAdmin
C:tempProjectsA212 - TestA13 : DOMAINDomain Users NT AUTHORITYSYSTEM DOMAINTestAdmin
C:tempProjectsTemplate : DOMAINsam DOMAINDomain Users NT AUTHORITYSYSTEM DOMAINTestAdmin
您可以从对象(Get-Acl $baseFolder).Access
中获得读、写和执行类型,它们被列为FileSystemRights
。下面的函数将提取FileSystemRights
数据并将其添加到权限名称旁边。BUILTINAdministrators-FullAccess
。
function Extract-Permissions($baseFolder) {
$baseACLAccess = (Get-Acl $baseFolder).Access
$folders = Get-ChildItem $baseFolder | Where-Object { $_.PSisContainer }
$baseACL = $baseACLAccess | Select-Object -ExpandProperty IdentityReference
# Sort out output
$BaseOutperms = ""
$baseACLAccess | Foreach {$BaseOutperms += " "+$_.IdentityReference+"-"+$_.FileSystemRights }
"$baseFolder : $BaseOutperms" | Out-File $File -Append
if($folders.Count -ne 0){
foreach($folder in $folders) {
$ACLAccess = (Get-ACL $folder.FullName).Access
$folderACL = $ACLAccess | Select-Object -ExpandProperty IdentityReference
$childFolders = Get-ChildItem $folder.FullName | Where-Object { $_.PSisContainer }
# Sort out output
$outperms = ""
$ACLAccess | Foreach {$outperms += " "+$_.IdentityReference+"-"+$_.FileSystemRights }
"$($folder.FullName) : $outperms" | Out-File $File -Append
if($childFolders.Count -gt 0){
foreach($childFolder in $childFolders) {
$childACLAccess = (Get-Acl $childFolder.FullName).Access
$childACL = $childACLAccess | Select-Object -ExpandProperty IdentityReference
if(Compare-Object $childACL $folderACL) {
Extract-Permissions $childFolder.FullName
} else {
# Sort out output
$ChildOutperms = ""
$childACLAccess | Foreach {$ChildOutperms += " "+$_.IdentityReference+"-"+$_.FileSystemRights }
"$($childFolder.FullName) : $ChildOutperms" | Out-File $File -Append
}
}
}
}
}
}