Tuesday, May 28, 2013

Powershell: Get permissions on each vfiler cifs share.

Purpose: Get a list of all shares on each vfiler on each filer Notes: This script needs some work with the nested foreach loops and some error check cleanup. 

Import-Module dataontap

Function Get-ACLPermissions($Share){
 $acl = Get-Acl -Path $Share
return $ACL
}

$myCol = @()

$AllNetappFiler = "filer03","filer02"

foreach ($NetappFiler In $AllNetappFiler){


  write-host "Scanning $NetappFiler"   
 connect-nacontroller $NetappFiler | out-null
    $Vfilers = get-navfiler * | Select -expand Name
 foreach ($Vfiler in $Vfilers){
  connect-nacontroller $Vfiler 
  $vfiler
  $Shares = get-nacifsshare | Select -expand ShareName
  foreach ($Share in $Shares){
   Write-Host "$Vfiler insideloop"
   
   #If $Vfiler Blank then scan shares on filer.. Need to add logic
   $fullpath = "\\$Vfiler\$Share"
   
   
   
   $ShareACL = Get-ACLPermissions $fullpath
   $o = 0
   $ShareACL.Access | ForEach-Object {
    $Detail = New-Object PSObject  
    $Detail | Add-Member Noteproperty SystemName $NetappFiler
    $Detail | add-member Noteproperty Vfiler $Vfiler
    $Detail | Add-Member noteProperty Share $Share 
    
    $FileSystemRights = $ShareACL.Access[$o] | Select -ExpandProperty FileSystemRights #Example ReadAndExecute 
    $AccessControlType = $ShareACL.Access[$o] | Select -ExpandProperty AccessControlType #Example Allow/Deny
    $IdentityReference = $ShareACL.Access[$o] | Select -ExpandProperty IdentityReference #Example Everyone,Username
    $IsInherited = $ShareACL.Access[$o] | Select -ExpandProperty IsInherited #Are Permissions inherited
    $InheritanceFlags = $ShareACL.Access[$o] | Select -ExpandProperty InheritanceFlags #Type of Inheritance ContainerInherit
    $PropagationFlags = $ShareACL.Access[$o] | Select -ExpandProperty PropagationFlags #PropagationFlags
    
    switch -wildcard ($FileSystemRights) 
        { 
            "268435456*" {$FileSystemRights = "FullControl"} 
            "-536805376*" {$FileSystemRights = "Modify, Synchronize"} 
            "-1610612736*" {$FileSystemRights = "ReadAndExecute, Synchronize"} 
        }
     
    $Detail | Add-Member noteProperty IdentityReference $IdentityReference  
    $Detail | Add-Member noteProperty FileSystemRights $FileSystemRights
    $Detail | Add-Member noteProperty AccessControlType $AccessControlType
    $Detail | Add-Member noteProperty IsInherited $IsInherited
    $Detail | Add-Member noteProperty InheritanceFlags $InheritanceFlags  
    $Detail | Add-Member noteProperty PropagationFlags $PropagationFlags 
    $o++
    
    $myCol += $Detail
    }
  }


 } 
}
$myCol | Export-Csv -Path "c:\temp\Audit_NetappVfilerCifis.csv" -NoTypeInformation
-
Labels: , , , , , , , , , , , , , , , ,

1 comment:

  1. spydertekApril 16, 2014 at 2:08 PM

    Added in your if statement:

    after the :

    foreach ($Vfiler in $Vfilers){

    add the following:

    if ($vfiler -contains "vfiler0")
    {
    $vfiler = $vfiler.Replace("vfiler0", "$NetAppFiler")
    }

    ReplyDelete

Subscribe to: Post Comments (Atom)

Powershell: Microsoft Graph to add new roles to application registration

PowerShell Script Bulk add new roles to application registration in azure. Update $roles with ,Us...