Public/Get-ACLInfo.ps1
|
function Get-ACLInfo { <# .SYNOPSIS Get a summary of a folder ACL .DESCRIPTION This command will examine the ACL of a given folder and create a custom object. The object will include a count of access rules based on the identity reference. Any ACL that belongs to a builtin or system account, or Everyone and Creator Owner, will be counted as a SystemACL. Everything else will be counted as a UserACL. You might use this information to identify folders or files where ACLS aren't what you expect. The custom object also contains an AccessRules property which will be a collection of the access rules for that object. SystemACL : 7 Owner : BUILTIN\Administrators UserACL : 1 AccessRules : {System.Security.AccessControl.FileSystemAccessRule, System.Security.AccessControl.FileSystemAccessRule, System.Security.AccessControl.FileSystemAccessRule, System.Security.AccessControl.FileSystemAccessRule...} Path : C:\work TotalACL : 8 It is assumed you will use this with the FileSystem provider. This version of the command uses a format file which is loaded "on the fly" so by default, information is presented as a nicely formatted table without the AccessRules property. .PARAMETER Path The path of the folder to analyze. The default is the current directory. .EXAMPLE PS C:\> Get-ACLInfo D:\Files Get acl data on the Files folder. .EXAMPLE PS C:\> Get-ChildItem e:\groups\data -Recurse | Where-Object {$_.PSIsContainer} | Get-ACLInfo Get acl information for every folder under e:\groups\data. .NOTES NAME : Get-ACLInfo VERSION : 0.9 LAST UPDATED: 6/21/2012 AUTHOR : Jeffery Hicks (http://jdhitsolutions.com/blog) .LINK Get-ACL .INPUTS Strings .OUTPUTS Custom object #> Param( [Parameter(ValueFromPipeline,ValueFromPipelineByPropertyName)] [ValidateScript({Test-Path -Path $_ -PathType Container})] [string[]]$Path = $PWD.Path ) Begin { Write-Verbose -Message ('Starting {0}' -f $MyInvocation.MyCommand) $Xml = @' <?xml version="1.0" encoding="utf-8"?> <Configuration> <ViewDefinitions> <View> <Name>JDH.ACLInfo</Name> <ViewSelectedBy> <TypeName>JDH.ACLInfo</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders/> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Path</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Owner</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>TotalACL</PropertyName> </TableColumnItem> <TableColumnItem> <Propertyname>SystemACL</Propertyname> </TableColumnItem> <TableColumnItem> <Propertyname>UserACL</Propertyname> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> </ViewDefinitions> </Configuration> '@ $TempFile = [System.IO.Path]::GetTempFileName() + '.ps1xml' Write-Verbose -Message ('Creating {0}' -f $TempFile) $Xml | Out-File -FilePath $TempFile Write-Verbose -Message 'Updating Format Data' Update-FormatData -AppendPath $TempFile -ErrorAction SilentlyContinue } Process { Foreach ($Folder in $Path) { Write-Verbose -Message ('Getting ACL for {0}' -f $Folder) $ACL = Get-ACL -Path $Folder [regex]$Regex = '\w:\\\S+' $FolderPath = $Regex.Match($ACL.Path).Value $Access = $ACL.Access $SysACL= $Access | Where-Object {$_.IdentityReference -match 'BUILTIN|NT AUTHORITY|EVERYONE|CREATOR OWNER'} $NonSysACL = $Access | Where-Object {$_.IdentityReference -notmatch 'BUILTIN|NT AUTHORITY|EVERYONE|CREATOR OWNER'} $Obj = [PSCustomObject] @{ Path = $FolderPath Owner = $ACL.Owner TotalACL = $Access.Count SystemACL = ($SysACL | Measure-Object).Count UserACL = ($NonSysACL | Measure-Object).Count AccessRules = $Access } $Obj.PSObject.TypeNames.Insert(0,'JDH.ACLInfo') $Obj } } End { if (Test-Path -Path $TempFile) { Write-Verbose -Message ('Deleting {0}' -f $TempFile) Remove-Item -Path $TempFile } } } |