-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathAnalysePermissions.ps1
46 lines (35 loc) · 1.42 KB
/
AnalysePermissions.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
# Config
$FolderToAnalyse = "G:\Temp\Test-Permissions"
$OutputFile = "C:\Users\admin\Desktop\export.csv"
$OutputList = @()
# Adds the root folder to the OutputList
$OutputList += Get-NTFSAccess -Path $FolderToAnalyse
# Adds all subfolders/subfiles that have different access rules then their parents.
foreach ($SubItem in Get-ChildItem -Path $FolderToAnalyse -Recurse) {
$SubItemPath = $SubItem.FullName
if ($SubItem.GetType().Name -eq "DirectoryInfo") {
$SubItemParentPath = $SubItem.Parent.FullName
} else {
$SubItemParentPath = $SubItem.DirectoryName
}
if ((Get-Acl -Path $SubItemPath).AccessToString -ne (Get-Acl -Path $SubItemParentPath).AccessToString) {
$OutputList += Get-NTFSAccess -path $SubItemPath
}
}
# Retrieve the set of accounts/groups name
$AccountsName = ($OutputList | Group-Object -Property Account).Name
# Retrieve the set of subitems (subfolders and subfiles)
$SubItems = ($OutputList | Group-Object -Property FullName)
# Generate the CSV header
$CSV = "Chemin;" + ($AccountsName -join ";") + "`n"
# Generate the subsequent CSV lines
foreach($SubItem in $SubItems) {
$CSV += $SubItem.Name + ";"
foreach($Account in $AccountsName) {
$CSV += ($SubItem.Group | Where-Object {$_.Account.AccountName -eq $Account}).AccessRights
$CSV += ";"
}
$CSV += "`n"
}
# Save the output file
$CSV > $OutputFile