Team, can anyone help me make the following changes to the script?
What it does is perfect, but when it checks for permissions, it does not seem to be able to differentiate between ALLOW or DENY permissions on folders. I need to break it down to confirm if a user has Allow permissions or Deny permissions for all folders.
Would there be an easy way to break it down into, let's say, groups or departments? I.e. T:\IT Dept - then all folders under that, T:\Accounts Dept - then all folders under that? I require users and not groups; if a group appears I would need it to expand the group to output all users in that group and their permissions.
Thanks again.

# Identities to leave out of the report
$exclude = @(
    'CREATOR OWNER'
    'NT AUTHORITY\SYSTEM'
    'BUILTIN\Administrators'
    'XYZ\Domain Admins'
)
$RootPath = "S:\Groups\DEPARTMENTS"

# The root folder itself plus every subfolder beneath it
$folders = [array](Get-Item -Path $RootPath)
$folders += Get-ChildItem -Path $RootPath -Recurse -Directory

# Collect the explicit (non-inherited) ACEs of each folder and tag each with the folder path
$acls = foreach ($Folder in $Folders) {
    Get-Acl $Folder.FullName |
        Select-Object -ExpandProperty Access |
        Where-Object {
            -not $_.IsInherited -and
            $exclude -notcontains $_.IdentityReference
        } |
        Select-Object -Property *, @{
            'Name'       = 'Folder'
            'Expression' = {
                $Folder.FullName
            }
        }
}
$acls | Export-Csv -NoTypeInformation -Path C:\NTFS\DEPARTMENTS1.csv
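
One way to produce the report the post asks for, as an added example that is not the poster's script: one CSV per top-level department folder, one row per user, with Allow or Deny taken from each ACE's AccessControlType and AD groups expanded to their user members. It assumes the RSAT ActiveDirectory module is available; the Resolve-AclUser helper, the $OutDir variable and the output column names are hypothetical names chosen here.

```powershell
# Added example, not the original poster's script.
# Assumes the RSAT ActiveDirectory module is installed where this runs.
Import-Module ActiveDirectory

$exclude  = 'CREATOR OWNER', 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'XYZ\Domain Admins'
$RootPath = 'S:\Groups\DEPARTMENTS'
$OutDir   = 'C:\NTFS'    # hypothetical variable; the path is the one used in the post

function Resolve-AclUser {
    # Hypothetical helper: returns the user members (nested groups included)
    # when the ACL identity is an AD group, otherwise the identity name itself.
    param([System.Security.Principal.IdentityReference]$Identity)
    $group = $null
    try {
        $sid = $Identity.Translate([System.Security.Principal.SecurityIdentifier]).Value
        # Only account-domain SIDs are looked up; BUILTIN and well-known SIDs are not expanded.
        if ($sid -like 'S-1-5-21-*') { $group = Get-ADGroup -Filter "SID -eq '$sid'" }
    } catch { $group = $null }    # identity could not be resolved; report it as-is
    if ($group) {
        Get-ADGroupMember -Identity $group -Recursive |
            Where-Object { $_.objectClass -eq 'user' } |
            ForEach-Object { $_.SamAccountName }
    } else {
        $Identity.Value
    }
}

# One CSV per top-level folder under the root (for example "IT Dept", "Accounts Dept").
foreach ($dept in Get-ChildItem -LiteralPath $RootPath -Directory) {
    $folders = @($dept) + @(Get-ChildItem -LiteralPath $dept.FullName -Recurse -Directory)
    $rows = foreach ($folder in $folders) {
        $aces = (Get-Acl -LiteralPath $folder.FullName).Access | Where-Object {
            -not $_.IsInherited -and $exclude -notcontains $_.IdentityReference.Value
        }
        foreach ($ace in $aces) {
            foreach ($user in Resolve-AclUser $ace.IdentityReference) {
                [pscustomobject]@{
                    Department = $dept.Name
                    Folder     = $folder.FullName
                    User       = $user
                    GrantedVia = $ace.IdentityReference.Value    # group or direct entry
                    Type       = $ace.AccessControlType          # Allow or Deny
                    Rights     = $ace.FileSystemRights
                }
            }
        }
    }
    $rows | Export-Csv -NoTypeInformation -Path (Join-Path $OutDir "$($dept.Name).csv")
}
```

Each row is one explicit ACE as it applies to one user, not an effective-access calculation, so the same user can appear with both Allow and Deny rows for a folder.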