Import-Module dataontap
Function Get-ACLPermissions($Share){
$acl = Get-Acl -Path $Share
return $ACL
}
$myCol = @()
$AllNetappFiler = "filer03","filer02"
foreach ($NetappFiler In $AllNetappFiler){
write-host "Scanning $NetappFiler"
connect-nacontroller $NetappFiler | out-null
$Vfilers = get-navfiler * | Select -expand Name
foreach ($Vfiler in $Vfilers){
connect-nacontroller $Vfiler
$vfiler
$Shares = get-nacifsshare | Select -expand ShareName
foreach ($Share in $Shares){
Write-Host "$Vfiler insideloop"
#If $Vfiler Blank then scan shares on filer.. Need to add logic
$fullpath = "\\$Vfiler\$Share"
$ShareACL = Get-ACLPermissions $fullpath
$o = 0
$ShareACL.Access | ForEach-Object {
$Detail = New-Object PSObject
$Detail | Add-Member Noteproperty SystemName $NetappFiler
$Detail | add-member Noteproperty Vfiler $Vfiler
$Detail | Add-Member noteProperty Share $Share
$FileSystemRights = $ShareACL.Access[$o] | Select -ExpandProperty FileSystemRights #Example ReadAndExecute
$AccessControlType = $ShareACL.Access[$o] | Select -ExpandProperty AccessControlType #Example Allow/Deny
$IdentityReference = $ShareACL.Access[$o] | Select -ExpandProperty IdentityReference #Example Everyone,Username
$IsInherited = $ShareACL.Access[$o] | Select -ExpandProperty IsInherited #Are Permissions inherited
$InheritanceFlags = $ShareACL.Access[$o] | Select -ExpandProperty InheritanceFlags #Type of Inheritance ContainerInherit
$PropagationFlags = $ShareACL.Access[$o] | Select -ExpandProperty PropagationFlags #PropagationFlags
switch -wildcard ($FileSystemRights)
{
"268435456*" {$FileSystemRights = "FullControl"}
"-536805376*" {$FileSystemRights = "Modify, Synchronize"}
"-1610612736*" {$FileSystemRights = "ReadAndExecute, Synchronize"}
}
$Detail | Add-Member noteProperty IdentityReference $IdentityReference
$Detail | Add-Member noteProperty FileSystemRights $FileSystemRights
$Detail | Add-Member noteProperty AccessControlType $AccessControlType
$Detail | Add-Member noteProperty IsInherited $IsInherited
$Detail | Add-Member noteProperty InheritanceFlags $InheritanceFlags
$Detail | Add-Member noteProperty PropagationFlags $PropagationFlags
$o++
$myCol += $Detail
}
}
}
}
$myCol | Export-Csv -Path "c:\temp\Audit_NetappVfilerCifis.csv" -NoTypeInformation
Showing posts with label acl. Show all posts
Showing posts with label acl. Show all posts
Tuesday, May 28, 2013
Powershell: Get permissions on each vfiler cifs share.
Purpose: Get a list of all shares on each vfiler on each filer
Notes: This script needs some work with the nested foreach loops and some error check cleanup.
Thursday, May 9, 2013
Powershell: Read servers from AD and search for shares and return ACL permissions
Purpose:
Connects to active directory and pulls a list of all computer objects that are servers and check ACL permissions
Import-Module ActiveDirectory
#Most of the information to do this was from this site.
#http://blogs.technet.com/b/heyscriptingguy/archive/2009/09/14/hey-scripting-guy-september-14-2009.aspx
Function Get-ACLPermissions($Share){
$acl = Get-Acl -Path $Share
return $ACL
}
function Get-MyShares
{
#Function by
#http://www.peetersonline.nl/2008/11/finding-shares-with-powershell/
param([string]$Server)
$Shares = Get-WmiObject -Class Win32_Share -ComputerName $Server
$output = @()
ForEach ($Share in $Shares)
{
$fullpath = “\\{0}\{1}” -f $server, $share.name
Add-Member -MemberType NoteProperty -InputObject $Share -Name FullPath -Value $fullpath
$output += $Share
}
Return $output
}
#Path to where the CSV file is written to
$PathtoCSV = "C:\temp\AuditACL.csv"
#Create Header in CSV
"Server;Share;Username;FileSystemRights;AccessControlType;IsInherited;InheritanceFlags" > $PathtoCSV
#Get all computers that are servers from AD
$Servers = Get-ADComputer -Filter {OperatingSystem -Like "Windows Server*"} -Property * | Select -Expand Name
$i = 0
foreach ($Server in $Servers)
# update counter and write progress
{
$i++
Write-Progress -activity "Scanning Machine $Server" -status "Scanned: $i of $($Servers.Count)" -percentComplete (($i / $Servers.Count) * 100)
# Get all Shares on server
$Shares = Get-MyShares $Server | Select -ExpandProperty Name
foreach ($Share_Current in $Shares){
#Process all Shares on Server
$fullpath = "\\$Server\$Share_Current"
$ShareACL = Get-ACLPermissions $fullpath
$o = 0
$ShareACL.Access | ForEach-Object {
$FileSystemRights = $ShareACL.Access[$o] | Select -ExpandProperty FileSystemRights #Example ReadAndExecute
$AccessControlType = $ShareACL.Access[$o] | Select -ExpandProperty AccessControlType #Example Allow/Deny
$IdentityReference = $ShareACL.Access[$o] | Select -ExpandProperty IdentityReference #Example Everyone,Username
$IsInherited = $ShareACL.Access[$o] | Select -ExpandProperty IsInherited #Are Permissions inherited
$InheritanceFlags = $ShareACL.Access[$o] | Select -ExpandProperty InheritanceFlags #Type of Inheritance ContainerInherit
$PropagationFlags = $ShareACL.Access[$o] | Select -ExpandProperty PropagationFlags #PropagationFlags
$o++
switch -wildcard ($FileSystemRights)
{ #Should be a better way to do this via function
"268435456*" {$FileSystemRights = "FullControl"}
"-536805376*" {$FileSystemRights = "Modify, Synchronize"}
"-1610612736*" {$FileSystemRights = "ReadAndExecute, Synchronize"}
}
$Combine = $Server,$fullpath,$IdentityReference,$FileSystemRights,$AccessControlType,$IsInherited,$InheritanceFlags
Write-Host "$Combine to $PathtoCSV"
$Combine -join ";" >> $PathtoCSV
}
}
}
Subscribe to:
Posts (Atom)
-
Here is an excel document I created that will ping a list of nodes in column A and give results in column B. There are much better tools th... -
#reads event logs for filter and exports to $Date = ( Get-Date ).AddMinutes(-30) $LogName = 'Security' $ProviderName = ...
-
Using Google Chrome or MS Edge: Disable Javascript post page load. 1. Open console in dev tools 2. press ctrl - alt - p 3. In the run dial...