获取共享中所有文件夹的 ACL
Get ACL of all folders in shares
有脚本可以提取我服务器上网络共享中所有文件夹的 ACL(减去管理员共享)。似乎有效,但输出给了我一些数字而不是权限,我不明白数字的含义,更好的是如何将它们转换为常规权限(FC、RO 等)
$shares = Get-SmbShare | Where-Object Name -notlike "*$" | Select-Object Name
$Report = @()
foreach ($share in $shares){
$path = "\$env:COMPUTERNAME\" + $share.Name.ToString()
$FolderPath = dir -Directory -Path $path -Recurse -Force
Foreach ($Folder in $FolderPath) {
$Acl = Get-Acl -Path $Folder.FullName
foreach ($Access in $acl.Access)
{
$Properties = [ordered]@{
'FolderName'=$Folder.FullName;
'ADGroup or User'=$Access.IdentityReference;
'Permissions'=$Access.FileSystemRights;
'Inherited'=$Access.IsInherited}
$Report += New-Object -TypeName PSObject -Property $Properties
}
}
}
$Report | Export-Csv -path "C:\temp\FolderPermissions.csv"
这是我得到的一些输出(为了保持简短而进行了一些修整)
"FolderName","ADGroup or User","Permissions","Inherited"
"\WIN-RPK9O6GR3JM\foobar\STE","NT AUTHORITY\SYSTEM","FullControl","True"
...
"\WIN-RPK9O6GR3JM\foobar\STE","CREATOR OWNER","268435456","True"
"\WIN-RPK9O6GR3JM\foobar\STE\LOG","BUILTIN\Users","CreateFiles","True"
"\WIN-RPK9O6GR3JM\foobar\STE\LOG","CREATOR OWNER","268435456","True"
...
"\WIN-RPK9O6GR3JM\foobar\STE\TMP","BUILTIN\Users","CreateFiles","True"
"\WIN-RPK9O6GR3JM\foobar\STE\TMP","CREATOR OWNER","268435456","True"
...
"\WIN-RPK9O6GR3JM\SYSVOL\foobar.net","NT AUTHORITY\Authenticated Users","-1610612736","True"
...
"\WIN-RPK9O6GR3JM\SYSVOL\foobar.net","BUILTIN\Administrators","-536084480","True"
如果有人能就这些价值观是什么以及我如何翻译它们向我解释或指出正确的方向,我将不胜感激。
TIA!
有脚本可以提取我服务器上网络共享中所有文件夹的 ACL(减去管理员共享)。似乎有效,但输出给了我一些数字而不是权限,我不明白数字的含义,更好的是如何将它们转换为常规权限(FC、RO 等)
$shares = Get-SmbShare | Where-Object Name -notlike "*$" | Select-Object Name
$Report = @()
foreach ($share in $shares){
$path = "\$env:COMPUTERNAME\" + $share.Name.ToString()
$FolderPath = dir -Directory -Path $path -Recurse -Force
Foreach ($Folder in $FolderPath) {
$Acl = Get-Acl -Path $Folder.FullName
foreach ($Access in $acl.Access)
{
$Properties = [ordered]@{
'FolderName'=$Folder.FullName;
'ADGroup or User'=$Access.IdentityReference;
'Permissions'=$Access.FileSystemRights;
'Inherited'=$Access.IsInherited}
$Report += New-Object -TypeName PSObject -Property $Properties
}
}
}
$Report | Export-Csv -path "C:\temp\FolderPermissions.csv"
这是我得到的一些输出(为了保持简短而进行了一些修整)
"FolderName","ADGroup or User","Permissions","Inherited"
"\WIN-RPK9O6GR3JM\foobar\STE","NT AUTHORITY\SYSTEM","FullControl","True"
...
"\WIN-RPK9O6GR3JM\foobar\STE","CREATOR OWNER","268435456","True"
"\WIN-RPK9O6GR3JM\foobar\STE\LOG","BUILTIN\Users","CreateFiles","True"
"\WIN-RPK9O6GR3JM\foobar\STE\LOG","CREATOR OWNER","268435456","True"
...
"\WIN-RPK9O6GR3JM\foobar\STE\TMP","BUILTIN\Users","CreateFiles","True"
"\WIN-RPK9O6GR3JM\foobar\STE\TMP","CREATOR OWNER","268435456","True"
...
"\WIN-RPK9O6GR3JM\SYSVOL\foobar.net","NT AUTHORITY\Authenticated Users","-1610612736","True"
...
"\WIN-RPK9O6GR3JM\SYSVOL\foobar.net","BUILTIN\Administrators","-536084480","True"
如果有人能就这些价值观是什么以及我如何翻译它们向我解释或指出正确的方向,我将不胜感激。
TIA!