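function Get-MFShareACL {
    <#
    .SYNOPSIS
    Exports the access rules of a folder and all of its sub-folders to a CSV file.

    .DESCRIPTION
    Maps -Path as PSDrive P:, enumerates the root folder and every sub-folder, reads each
    folder's ACL with Get-Acl and appends one CSV row per access rule to
    <OutputPath>\<folder>-<timestamp>.csv.

    Folders that could not be enumerated or read (path too long, access denied, not found)
    are written to <OutputPath>\<folder>-<timestamp>-Errors.txt. Those folders have no rows
    in the CSV, so check the error file before treating the report as a complete picture of
    who can reach the share.

    .PARAMETER Path
    Root folder to scan. The server name used for the local-group lookup is taken from the
    third backslash-separated element, so a UNC path (\\server\share) is expected.

    .PARAMETER OutputPath
    Directory that receives the CSV report and the error file. Created when missing.

    .PARAMETER domain
    Comma-separated list of domain names. Identities containing one of them are looked up
    with Get-ADUser. When omitted, every identity that is not a bare SID is looked up.
    #>
    [CmdletBinding()]
    param(
        # Target Path
        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true, Position = 0)] $Path,
        [Parameter(Mandatory = $false, Position = 1)] $OutputPath = "C:\Powershell\LOGS",
        [Parameter(Mandatory = $false, Position = 2)][String] $domain
    )
    begin {
        # NOTE(review): $Path is read here in begin{}, where a pipeline-bound value is not
        # yet available; the function appears to be meant for direct invocation. Confirm.
        $stopWatch = [System.Diagnostics.Stopwatch]::StartNew()
        . "$PSScriptRoot\Get-LocalGroup.ps1"
        $Script:userSID = ''
        $Script:user = ''

        # Drop empty entries so an omitted -domain yields an empty list rather than @('').
        $domains = @($domain.Split(',') | ForEach-Object { $_.Trim() } | Where-Object { $_ })

        # Replace a drive named P that already exists, then map the target path.
        # (The original test was inverted and tried to remove the drive only when it was absent.)
        if (Get-PSDrive "P" -ErrorAction SilentlyContinue) {
            Remove-PSDrive "P"
        }
        # Out-Null keeps the PSDriveInfo object out of the function's output.
        New-PSDrive -Name "P" -PSProvider FileSystem -Root $Path | Out-Null

        # The output directory must exist before the first error line is written.
        if (!(Test-Path $OutputPath)) {
            New-Item -Path $OutputPath -ItemType Directory | Out-Null
        }

        Write-Host "Gathering Folders from $Path..."
        # Four-digit year and 24-hour clock, so a morning and an afternoon run cannot
        # produce the same file name and append into each other's report.
        $date = Get-Date -Format yyyyMMddHHmmss
        $folderName = [System.IO.Path]::GetFileName($Path)
        $errorLog = Join-Path $OutputPath "$folderName-$date-Errors.txt"
        $reportFile = Join-Path $OutputPath "$folderName-$date.csv"

        # Records a scan failure: the three expected exception types become a warning plus
        # a line in the error file, anything else is re-emitted as an error.
        function Write-ScanError ($record) {
            $target = $record.TargetObject
            if ($record.Exception -is [System.IO.PathTooLongException]) {
                $message = "Path too long in directory '$target'."
            }
            elseif ($record.Exception -is [System.UnauthorizedAccessException]) {
                $message = "Access to path '$target' denied."
            }
            elseif ($record.Exception -is [System.IO.DirectoryNotFoundException]) {
                $message = "Could not find: '$target'. Path may be too long (Length:" + ($target).length + ")."
            }
            else {
                # Do not assign to $error: it is PowerShell's automatic error list.
                Write-Error -ErrorRecord $record
                return
            }
            Write-Warning $message
            Out-File -InputObject $message -FilePath $errorLog -Append
        }

        $parentFolder = Get-Item -Path P: -ErrorAction SilentlyContinue -ErrorVariable err
        # "+err" appends; a plain "err" would discard the errors collected by Get-Item above.
        $childFolders = Get-ChildItem -Path P: -Directory -Recurse -ErrorAction SilentlyContinue -ErrorVariable +err
        Write-Host "Total folders to scan:" (@($parentFolder).Count + @($childFolders).Count)
        foreach ($errorRecord in $err) {
            Write-ScanError $errorRecord
        }

        Write-Host "Gathering Groups..."
        # NOTE(review): local groups are only collected when the cache directory already
        # exists; without it $groups stays empty and SID entries are reported as raw SIDs.
        $serverFileCache = "C:\Powershell\LOGS\ServerGroupsCache"
        if (Test-Path $serverFileCache) {
            $serverName = $Path.Split("\")[2]
            $groups = Get-LocalGroup -ComputerName $serverName
            $groups | Out-File "C:\Powershell\LOGS\ServerGroupsCache\$($serverName).txt" -Force
        }

        # Reads one folder's ACL and appends a CSV row per access rule.
        function Start-Processing ($folder) {
            # -LiteralPath: folder names containing [ ] or * must not be treated as wildcards.
            $access = Get-Acl -LiteralPath $folder.FullName -ErrorAction SilentlyContinue -ErrorVariable procErr
            foreach ($procErrorRecord in $procErr) {
                Write-ScanError $procErrorRecord
            }

            foreach ($u in $access.Access) {
                $identity = [string]$u.IdentityReference.Value
                Write-Verbose "Identity Reference: $identity"

                $isSid = $identity -like "S-*"
                $inDomain = $false
                if (-not $isSid) {
                    if ($domains.Count -eq 0) {
                        # No domain filter supplied: try the AD lookup for every named identity.
                        $inDomain = $true
                    }
                    else {
                        foreach ($d in $domains) {
                            if ($identity.IndexOf($d, [System.StringComparison]::OrdinalIgnoreCase) -ge 0) {
                                $inDomain = $true
                                break
                            }
                        }
                    }
                }

                if ($inDomain) {
                    try {
                        # -ErrorAction Stop makes a failed lookup reach the catch block.
                        $displayName = Get-ADUser $identity.Split("\")[1] -Properties DisplayName, Name -ErrorAction Stop |
                            Select-Object DisplayName, Name
                        $user = "$($displayName.DisplayName) ($($displayName.Name))"
                        $userType = "User"
                    }
                    catch {
                        # Heuristic: anything that is not a resolvable AD user is reported as a group.
                        $user = $identity
                        $userType = "Group"
                    }
                }
                elseif ($isSid) {
                    # Translate a local-group SID to its name when the group list has it;
                    # otherwise keep the SID so the entry is still visible in the report.
                    $user = $identity
                    foreach ($g in $groups) {
                        if ($g.SID -like $identity) {
                            $user = $g.Name
                            break
                        }
                    }
                    $userType = "Group"
                }
                else {
                    $user = "$identity (Else case)"
                    # Set explicitly so the previous rule's type does not leak into this row.
                    $userType = "Unknown"
                }

                $output = [ordered]@{
                    FullName         = $folder.FullName
                    Directory        = $folder.Name
                    User             = $user
                    UserType         = $userType
                    Access           = $u.FileSystemRights
                    AccessType       = $u.AccessControlType
                    Inherited        = $u.IsInherited
                    InheritanceFlags = $u.InheritanceFlags
                }
                New-Object psobject -Property $output | Export-Csv $reportFile -Append -NoTypeInformation
            }
        }
    }
    process {
        Write-Host "Processing Folders..."
        foreach ($f in $parentFolder) {
            Start-Processing $f
        }
        foreach ($f in $childFolders) {
            Start-Processing $f
        }
    }
    end {
        $stopWatch.Stop()
        # Release the temporary drive mapping created in begin{}.
        Remove-PSDrive "P" -ErrorAction SilentlyContinue
        Write-Output "Script completed in: $($stopWatch.Elapsed.Hours):$($stopWatch.Elapsed.Minutes):$($stopWatch.Elapsed.Seconds)"
    }
}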