This month I find myself in the need for a quick way to do a simple audit of NTFS permissions on a bunch of files servers. As always I wanted to use PowerShell Remoting (with the code executing on the local server) to accomplish this as enumerating permissions is a slow process at the best of times and over the wire this would have been painfully slow.
Now I know that you can use some of the *CACLS executables to do this but if you’ve ever used these tools you will know they seem to default to information overload. All I wanted to do is get the permissions of a path and then check for any inheritance breaks on all its child folders, and be able to export to CSV.
This is the code that I came up with:
function Get-PathPermissions { param ( [Parameter(Mandatory=$true)] [System.String]${Path} ) begin { $root = Get-Item $Path ($root | get-acl).Access | Add-Member -MemberType NoteProperty -Name "Path" -Value $($root.fullname).ToString() -PassThru } process { $containers = Get-ChildItem -path $Path -recurse | ? {$_.psIscontainer -eq $true} if ($containers -eq $null) {break} foreach ($container in $containers) { (Get-ACL $container.fullname).Access | ? { $_.IsInherited -eq $false } | Add-Member -MemberType NoteProperty -Name "Path" -Value $($container.fullname).ToString() -PassThru } } } Get-PathPermissions $args[0]
To use this code on a local machine simply execute the above function and call it, for example Get-PathPermissions D:\FileData. Now as previously mentioned I wanted to be able to audit a large bunch of File Servers and to do that I would first need to create a variable to hold my servers, for example $allServers, then save the above code to the executing server for example C:\Scripts\Get-PathPermissions.ps1. This finally allowed me to run the following command:
icm $allServers -FilePath C:\Scripts\Get-PathPermissions.ps1 -ArgumentList "E:\WallPaper" | Export-Csv C:\PermissionsAudit.csv –NoTypeInformation
The output (C:\PermissionsAudit.csv) can now be manipulated in Excel, for example:
As you can see this provides very simple and easy to read output that can ease auditing NTFS permissions in bulk.
Thanks for reading and I hope you find this useful.
Regards,
jfrmilner