Reporting On Folder Permissions (PowerShell)

PowerShell GET-ACL Multiple Folders

Over the weekend I was thinking about ways to check which users could access a folder, which lead me into wondering if a report could be run to show multiple folders and save the results. After a little bit of thinking and I had knocked up some PowerShell:

powershell_folder_permissions
PowerShell Get-ACL for one folder

The PowerShell uses a variable called $foldername to store the path of the folder to check and then uses the GET_ACL function to return the foldername, groups/users that have permissions to the folder and the permissions that the groups/users have, then outputs the results in a table and outputs them (>>) to a file. I was originally going to look at creating a CSV (comma separated value) file but liked the table, so a TXT file would work just as well for output.

Powershell_folder_permissions_2
PowerShell GET-ACL Multiple Folders

I then expanded on it so that the PowerShell ran through multiple sub-folders of a folder and reported back on each of them.

# geektechtstuff
$folder_path = ‘C:\temp’
$save = ‘C:\temp\filepermissions2.txt’
$folders = GCI $folder_path\* | Where-Object{$_.psiscontainer -eq $true}
foreach ($folder in $folders){
$gets_acl = GET-ACL $folder.FullName | ForEach-Object{$_.Access} |ft $folder.Fullname, IdentityReference, FileSystemRights | Out-File $save -append
}
PowerShell GET-ACL Output
PowerShell GET-ACL Output
The PowerShell broken down, comments in red:
# geektechtstuff

 

$folder_path = ‘C:\temp’ <<- main folder to check in
$save = ‘C:\temp\filepermissions2.txt’ <<-File to Output to

 

$folders = GCI $folder_path\* (reading the child-items of the folder)| Where-Object{$_.psiscontainer -eq $true} <<- only reading folders (containers)

 

foreach ($folder in $folders){ <<- running action on each sub-folder of the main folder
$gets_acl = GET-ACL $folder.FullName (Getting the access for each sub-folder)| ForEach-Object{$_.Access} |ft $folder.Fullname, IdentityReference, FileSystemRights (sorted results into a table)| Out-File $save -append (Outputting the resulting table to a file and appending it so as to not-overwrite data)
}

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.