ipmo pscx
$priv=get-privilege
$priv.Enable("SeRestorePrivilege")
$priv.Enable("SeBackupPrivilege")
$priv.Enable("SeSecurityPrivilege")
$priv.Enable("SeTakeOwnershipPrivilege")
set-privilege $priv;
$report=$null
$Report=@()
$InputFile = "C:\temp\Folders.txt"
$OutputFile = "C:\temp\FolderPermissions.csv"
$FolderList = Get-Content $InputFile
ForEach ($Folder in $FolderList)
{
# Get access list items of the folder
$Permissions = (Get-Acl -Path $Folder).Access |
# Add the path property and assign its value, -PassThru so the object is assigned to $Permissions
forEach-Object { $_ | Add-Member -MemberType NoteProperty -Name Path -Value $Folder -PassThru }
$Report += $Permissions
}
$Report | Select-Object path,IdentityReference,FileSystemRights,IsInherited | Export-CSV $OutputFile -NoTypeInformation
thanks to whoever's code source I used... so much internet so little time.
Showing posts with label security. Show all posts
Showing posts with label security. Show all posts
Wednesday, December 10, 2014
Elevate'd Privilege - ACLs of Folders - Backup operator
Using PSCX powershell module to give backup operator rights (also might need to do a file server level)
Tuesday, May 21, 2013
Backup Folder Security to CSV with Powershell
thanks to whoever I stole the rescurse depth limit from :)
# Get the folder
security and save it to csv
#
-------------------------
$Date= get-date
-Format yyyyMMdd
#Group path already includes two '\' so add 2 to folder level required
$Depth=3
# Obtain the files
$Rfolders=Get-ChildItem
E:\group -recurse
-Attributes Directory
| % {$_.FullName.ToString()} |
foreach {$var=$_;$count=(0..($_.length - 1) | where {$var[$_] -eq "\"}).count;if($count -le $Depth) {$_}}
# Obtain the folder
security information and log to file
$LogFile
= 'E:\group\GroupSecurityBackup_'+$date+ '.log'
$Rfolders
| Get-Acl | Export-Csv $LogFile -Force
# Restoring individual
folder
#--------------------------
# 1st- Import Acl back
$ResFolder =
import-csv E:\group\GroupSecurityBackup_<date>.log
#
# 2nd- Check acl for a
specific folder
$Resfolder
|Get-Acl | where {$_.path -like "*E:\group\test1\test2"}
#
# 3rd- To restore acl
for a specific folder (this example we are exporting to another folder)
$acl
= get-acl E:\group\testme
$acl.SetSecurityDescriptorSddlForm(($Resfolder |Get-Acl | where {$_.path -like "*E:\group\test1\test2"}).sddl)
set-acl
E:\group\testme $acl
# Restoring Complete
Tree Rebuld and ReSecure
#
---------------------------
$ResFolder
= import-csv
E:\group\GroupSecurityBackup_<date>.log
foreach ($folder
in $ResFolder)
{
write-host $folder.Path
mkdir $folder.Path
$acl =
get-acl $folder.Path
$acl.SetSecurityDescriptorSddlForm($folder.Sddl)
set-acl $folder.Path $acl
}
Subscribe to:
Posts (Atom)