powershell - 如何找出用户对特定文件夹的权限?
问题描述
我创建了解析特定目录“xyz”的脚本。我已经隔离了有权访问该目录的“NETZ”组,并递归地运行它们并计算用户数(删除了唯一的重复条目)。最后,我使用属性"samaccountname"和"name"导出了整个内容。
所以现在我有了“NETZ”组中的用户数量,这些用户可以访问这个目录。
this is a shortcut
samaccountname Name
-------------- ----
ADM-AD-Task ADM-AD-Task
adm-agayk ADM-agayk
ADM-akorn ADM-akorn
ADM-algoergen ADM-algoergen
ADM-bklann ADM-bklann
ADM-chhuebner ADM-chhuebner
adm-ckaehler ADM-ckaehler
ADM-daneumann ADM-daneumann
ADM-dhorn ADM-dhorn
ADM-dkrzyzostaniak ADM-dkrzyzostaniak
ADM-dmetz ADM-dmetz
this is the output of this variable $workersunique
现在,除了“samaccountname”和“name”属性,我还想获取每个用户的权限。例如,如果用户只有读取或写入权限。“组中的每个用户对此目录有什么权限。”
这是我的脚本
#get all groups of the directory
$GroupFolder = Get-NTFSAccess -Path "\\Vh01tools\xyz"
#remove the NOT NETZ groups
$GroupFolder = $GroupFolder -match "NETZ"
#go through the groups and add the users to a variable
for ($i=0; $i -lt $GroupFolder.length; $i++){
Write-Host $GroupFolder[$i]
$groupsarray = $GroupFolder[$i].Account.ToString()
$groupname = $groupsarray -replace "NETZ\\", ""
echo $groupname
if($groupname -eq "S-PCAdmin") {
echo "Do not add worker"
} else {
echo "add worker"
$workers += Get-ADGroupMember $groupname -Recursive | select samaccountname, Name
}
}
$wn = $workers.Count
echo "There is" $wn "workers."
$workerssorted = $workers | Sort-Object -Property samaccountname, name
$workersunique = $workerssorted | Select-Object -Property samaccountname, name -Unique
$accualworkers = $workersunique.Count
echo "there is" $accualworkers " workers."
# Here i tried to get the **permissions** from each user in the groups but it didn't work. It only gets me the access rights of the mentioned Account "ajenniat" as shown in the output.
Foreach ($m in $workersunique) {
$ma = Get-NTFSEffectiveAccess -Path "\\Vh01tools\xyz" -Account ajenniat
$ma
}
这是我得到的
PS G:\> C:\Users\yalhares\Desktop\fg.ps1
A 'NETZ\Domain Admins' (FullControl)
Domain Admins
add worker
A 'NETZ\S-ServEDA-VIS' (ReadAndExecute, Synchronize)
S-ServEDA-VIS
add worker
A 'NETZ\S-ServEDA-DIR' (Modify, Synchronize)
S-ServEDA-DIR
# The permissions of the three groups are displayed
add worker
There is
415
workers.
there is
83
workers.
WARNUNG: The user does not hold the Security Privliege and might not be able to read the effective permissions
Path: \\Vh01tools\xyz (Inheritance disabled)
Account Access Rights Applies to Type IsInherited InheritedFrom
------- ------------- ---------- ---- ----------- -------------
NETZ\ajenniat FullControl ThisFolderOnly Allow False
WARNUNG: The user does not hold the Security Privliege and might not be able to read the effective permissions
NETZ\ajenniat FullControl ThisFolderOnly Allow False
如您所见,我只能从指定的用户名“ajenniat”获得访问权限。我仍然需要获得其余 82 个用户的权限。
我真的非常非常想让这个工作。任何帮助将不胜感激。
提前非常感谢!
解决方案
推荐阅读
- android - 如何在 Android 上正确生成通知图标?
- wordpress - 在 WP Rest API 中获取 MetaBox 值
- nginx - “jrcs/letsencrypt-nginx-proxy-companion”泊坞窗图像:已经为确切的域集颁发了太多证书
- javascript - 动画以下轮播实现的最少步骤是什么?
- angular - 如何将对象推送到表单控件数组
- assembly - 使用 8086 组件制作矩形星形
- python - no NoSuchKey:调用GetObject操作时出错(NoSuchKey):指定的key不存在
- ios - 切换rootviewcontroller后导航控制器为nil
- ios - 我们可以在IOS设备上一次下载8gb的文件吗
- spring - Spring 集成 DefaultFtpsSessionFactory