none
Get-Acl where username has access to folders and SubFolders

    Question

  • Hi, I have a script that works only on the path that is defined, but in my environment I have this path with plenty of subfolders underneath this path. How do I get the ACL permission of the user in the SubfolderS?

    $Path = Get-Acl -filter * -path  \\ServerName\Shared\
    $Path.Access | where {$_.IdentityReference -like "DomainName\UserName"} | Select-Object FileSystemRights, AccessControlType, IdentityReference, IsInherited | ft -auto

    Thanks,

    Thursday, July 11, 2013 8:33 AM

Answers

  • If you are going to re-curse through all the folders, then you might as well bring back all the data.

    The following will get all the permissions on a particular folder and sub-folders.

    function Get-AclAccess {
    param ($folder='.', $outfile='aces.csv')
    
       dir $folder -recurse|where{$_.PSIsContainer}|
       foreach {get-acl $_.pspath}|foreach {
           $Path=$_.pspath
           $_.access|where {$_.IsInherited -eq $False}|
           add-member -MemberType noteproperty -name path -value $path -passthru
       } |   export-csv $outfile
    } 

    Get-AclAccess "\\Server\Share"

    You can then open the CSV file and filter it in Excel for the particular user.

    • Marked as answer by hms_24 Monday, July 22, 2013 9:54 AM
    Thursday, July 11, 2013 3:58 PM
  • Hi,

    I edited Jones code a bit. please try this one.

    dir "\\server\share"  -Recurse | where { $_.PsIsContainer } | % { $path1 = $_.fullname; Get-Acl $_.Fullname | % { $_.access | where { !$_.IsInherited } | Add-Member -MemberType NoteProperty -name "Path" -Value $path1 -passthru }} | export-csv Output.csv

    The account that run should have access to folders and requires to run as administrator mode.

    Again, if your path (especially sub folders) are too long, Get-ChildItem and Get-Acl will give error.



    rgds,


    Sunday, July 14, 2013 3:00 PM

All replies

  • Hello,

    Tried this, it gives a result, but also at the end it gives an error;

    Get-Acl \\ServerName\Shared\* | select -ExpandProperty Access | where {$_.IdentityReference -like "DomainName
    \Username"}
    
    
    FileSystemRights  : Write, ReadAndExecute, Synchronize
    AccessControlType : Allow
    IdentityReference : Domain\Username
    IsInherited       : False
    InheritanceFlags  : ContainerInherit, ObjectInherit
    PropagationFlags  : None
    
    Get-Acl : Attempted to perform an unauthorized operation.
    At line:1 char:8
    + Get-Acl <<<<  \\ServerName\Shared\* | select -ExpandProperty Access | where {$_.IdentityReference -like "Domain\Username
    "}
        + CategoryInfo          : NotSpecified: (:) [Get-Acl], UnauthorizedAccessException
        + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.GetAclCommand
    
    
    
    PS D:\Scripts>

    Thursday, July 11, 2013 9:09 AM
  • Okay,

    This gives the exact path and the permission where the user has, but it doesn't take the subfolders. 

    Get-Acl "\\Server\Share\*" | select Path -ExpandProperty Access | where {$_.IdentityReference -like "Domain\Username"} | fl

    Any help?

    Thursday, July 11, 2013 9:26 AM
  • Another help is required;

    I'm trying to populate a text file with all the Shared Paths and loop inside this file to get the ACL Permission, but the Code goes only into one path instead of the whole paths I have inside the .txt file.

    $Path = Get-Content -Path "D:\Scripts\Path.txt"
    foreach ($Line in $Path) {
    Get-Acl -path $Path | select Path -ExpandProperty Access | where {$_.IdentityReference -like "Domain\UserName*"} | fl
    }

    Any help?

    Thursday, July 11, 2013 10:03 AM
  • If you are going to re-curse through all the folders, then you might as well bring back all the data.

    The following will get all the permissions on a particular folder and sub-folders.

    function Get-AclAccess {
    param ($folder='.', $outfile='aces.csv')
    
       dir $folder -recurse|where{$_.PSIsContainer}|
       foreach {get-acl $_.pspath}|foreach {
           $Path=$_.pspath
           $_.access|where {$_.IsInherited -eq $False}|
           add-member -MemberType noteproperty -name path -value $path -passthru
       } |   export-csv $outfile
    } 

    Get-AclAccess "\\Server\Share"

    You can then open the CSV file and filter it in Excel for the particular user.

    • Marked as answer by hms_24 Monday, July 22, 2013 9:54 AM
    Thursday, July 11, 2013 3:58 PM
  • Hi,

    I have tried it but it doesn't work..

    Thanks,

    Sunday, July 14, 2013 7:21 AM
  • Hi,

    I edited Jones code a bit. please try this one.

    dir "\\server\share"  -Recurse | where { $_.PsIsContainer } | % { $path1 = $_.fullname; Get-Acl $_.Fullname | % { $_.access | where { !$_.IsInherited } | Add-Member -MemberType NoteProperty -name "Path" -Value $path1 -passthru }} | export-csv Output.csv

    The account that run should have access to folders and requires to run as administrator mode.

    Again, if your path (especially sub folders) are too long, Get-ChildItem and Get-Acl will give error.



    rgds,


    Sunday, July 14, 2013 3:00 PM
  • Hi,

    I have tried it but it doesn't work..

    Thanks,

    A little more information please.

    What didn't work.

    Did the script run at all? Error messages?


    • Edited by Newbie Jones Monday, July 15, 2013 1:52 PM grammar
    Monday, July 15, 2013 1:52 PM