thanks to whoever I stole the rescurse depth limit from :)
# Get the folder
security and save it to csv
#
-------------------------
$Date= get-date
-Format yyyyMMdd
#Group path already includes two '\' so add 2 to folder level required
$Depth=3
# Obtain the files
$Rfolders=Get-ChildItem
E:\group -recurse
-Attributes Directory
| % {$_.FullName.ToString()} |
foreach {$var=$_;$count=(0..($_.length - 1) | where {$var[$_] -eq "\"}).count;if($count -le $Depth) {$_}}
# Obtain the folder
security information and log to file
$LogFile
= 'E:\group\GroupSecurityBackup_'+$date+ '.log'
$Rfolders
| Get-Acl | Export-Csv $LogFile -Force
# Restoring individual
folder
#--------------------------
# 1st- Import Acl back
$ResFolder =
import-csv E:\group\GroupSecurityBackup_<date>.log
#
# 2nd- Check acl for a
specific folder
$Resfolder
|Get-Acl | where {$_.path -like "*E:\group\test1\test2"}
#
# 3rd- To restore acl
for a specific folder (this example we are exporting to another folder)
$acl
= get-acl E:\group\testme
$acl.SetSecurityDescriptorSddlForm(($Resfolder |Get-Acl | where {$_.path -like "*E:\group\test1\test2"}).sddl)
set-acl
E:\group\testme $acl
# Restoring Complete
Tree Rebuld and ReSecure
#
---------------------------
$ResFolder
= import-csv
E:\group\GroupSecurityBackup_<date>.log
foreach ($folder
in $ResFolder)
{
write-host $folder.Path
mkdir $folder.Path
$acl =
get-acl $folder.Path
$acl.SetSecurityDescriptorSddlForm($folder.Sddl)
set-acl $folder.Path $acl
}
No comments:
Post a Comment