Situatie
De multe ori se cere să se verifice permisiunile de folder pentru un utilizator dintr-un anumit loc pe unul dintre serverele noastre. Am scris un script foarte simplu pentru a-mi aduce această informație.
Solutie
Acest lucru solicită utilizatorului: “Introduceți o cale UNC” care, o dată introdusă, merge și ia permisiile NTFS, precum și permisiunile SMB Share.
Powershell Code
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
Write-Host$path = Read-host “Enter a UNC Path: ”$pathparts = $path.split("")$ComputerName = $pathparts[2]$ShareName = $pathparts[3]Write-Host "File Sharing Permissions Report - $path"Write-Host$acl = Get-Acl $pathWrite-Host "File/NTFS Permissions"Write-Hostforeach($accessRule in $acl.Access){Write-Host " " $accessRule.IdentityReference $accessRule.FileSystemRights}Write-HostWrite-Host "Share/SMB Permissions"Write-Host$Share = Get-WmiObject win32_LogicalShareSecuritySetting -Filter "name='$ShareName'" -ComputerName $ComputerNameif($Share){$obj = @()$ACLS = $Share.GetSecurityDescriptor().Descriptor.DACLforeach($ACL in $ACLS){$User = $ACL.Trustee.Nameif(!($user)){$user = $ACL.Trustee.SID}$Domain = $ACL.Trustee.Domainswitch($ACL.AccessMask){2032127 {$Perm = "Full Control"}1245631 {$Perm = "Change"}1179817 {$Perm = "Read"}}Write-Host " $Domain$user $Perm"}}Write-Host |
Exemplu output:
.Get-Permissions-NTFS-SMB.ps1
Enter a UNC Path: : filesrvWorking Groups
File Sharing Permissions Report - filesrvWorking Groups
File/NTFS Permissions
BUILTINAdministrators FullControl
DOMAINDomain Admins FullControl
DOMAINDomain Users ReadAndExecute, Synchronize
DOMAINFolder - File Server Admins FullControl
Share/SMB Permissions
DOMAINDomain Admins Full Control
DOMAINDomain Users Full Control
Leave A Comment?