Tuesday, May 21, 2013

Backup Folder Security to CSV with Powershell


thanks to whoever I stole the rescurse depth limit from :)

# Get the folder security and save it to csv
# -------------------------
$Date= get-date -Format yyyyMMdd
#Group path already includes two '\' so add 2 to folder level required
$Depth=3
# Obtain the files
$Rfolders=Get-ChildItem E:\group -recurse -Attributes Directory | % {$_.FullName.ToString()} | foreach {$var=$_;$count=(0..($_.length - 1) | where {$var[$_] -eq "\"}).count;if($count -le $Depth) {$_}}
# Obtain the folder security information and log to file
$LogFile = 'E:\group\GroupSecurityBackup_'+$date+ '.log'
$Rfolders | Get-Acl | Export-Csv $LogFile -Force

# Restoring individual folder
#--------------------------
# 1st- Import Acl back
 $ResFolder = import-csv E:\group\GroupSecurityBackup_<date>.log
#
# 2nd- Check acl for a specific folder
$Resfolder |Get-Acl | where {$_.path -like "*E:\group\test1\test2"}
#
# 3rd- To restore acl for a specific folder (this example we are exporting to another folder)
$acl = get-acl E:\group\testme
$acl.SetSecurityDescriptorSddlForm(($Resfolder |Get-Acl | where {$_.path -like "*E:\group\test1\test2"}).sddl)
set-acl E:\group\testme $acl

# Restoring Complete Tree Rebuld and ReSecure
# ---------------------------
$ResFolder = import-csv E:\group\GroupSecurityBackup_<date>.log
 foreach ($folder in $ResFolder) {
   write-host $folder.Path
   mkdir $folder.Path
   $acl = get-acl $folder.Path
   $acl.SetSecurityDescriptorSddlForm($folder.Sddl)
   set-acl $folder.Path $acl
   } 

No comments: