Situatie
De multe ori se cere să se verifice permisiunile de folder pentru un utilizator dintr-un anumit loc pe unul dintre serverele noastre. Am scris un script foarte simplu pentru a-mi aduce această informație.
Solutie
Acest lucru solicită utilizatorului: “Introduceți o cale UNC” care, o dată introdusă, merge și ia permisiile NTFS, precum și permisiunile SMB Share.
Powershell Code
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
Write-Host $path = Read-host “Enter a UNC Path: ” $pathparts = $path .split( "" ) $ComputerName = $pathparts [2] $ShareName = $pathparts [3] Write-Host "File Sharing Permissions Report - $path" Write-Host $acl = Get-Acl $path Write-Host "File/NTFS Permissions" Write-Host foreach ( $accessRule in $acl .Access) { Write-Host " " $accessRule .IdentityReference $accessRule .FileSystemRights } Write-Host Write-Host "Share/SMB Permissions" Write-Host $Share = Get-WmiObject win32_LogicalShareSecuritySetting -Filter "name='$ShareName'" -ComputerName $ComputerName if ( $Share ){ $obj = @() $ACLS = $Share .GetSecurityDescriptor().Descriptor.DACL foreach ( $ACL in $ACLS ){ $User = $ACL .Trustee.Name if (!( $user )){ $user = $ACL .Trustee.SID} $Domain = $ACL .Trustee.Domain switch ( $ACL .AccessMask) { 2032127 { $Perm = "Full Control" } 1245631 { $Perm = "Change" } 1179817 { $Perm = "Read" } } Write-Host " $Domain$user $Perm" } } Write-Host |
Exemplu output:
.Get-Permissions-NTFS-SMB.ps1 Enter a UNC Path: : filesrvWorking Groups File Sharing Permissions Report - filesrvWorking Groups File/NTFS Permissions BUILTINAdministrators FullControl DOMAINDomain Admins FullControl DOMAINDomain Users ReadAndExecute, Synchronize DOMAINFolder - File Server Admins FullControl Share/SMB Permissions DOMAINDomain Admins Full Control DOMAINDomain Users Full Control
Leave A Comment?