Get ACL of folder for a specific user

1
votes

I'm new to Powershell and I need to know how to list all permissions of a folder for a specific user. This is what I have discovered so far:

However, this does not return any value with the Write-Output command. Changing it to Write-Host didn't work as well. Am I missing some crucial parts?

$user = "testumgebung\cbruehwiler"
$path = "T:\"
$list = Get-ChildItem $path -Recurse | Where-Object {(Get-Acl $_.FullName).Access | Where-Object {$_.IdentityReference -eq $user} }
Write-Output $list

This does return a list with folders, where I have access to. But it would be better if I can get a list with all the folders where I have access to and list the permissions I have (read, write, execute, full control).

This is a sample of the list:

Directory: T:\

Mode: d----

LastWriteTime: 17.04.2019 08:25

Name: TestFolder

2
powershellpermissionsdirectorypowershell-2.0acl

2 Answers

0
votes

Here's another alternative. This will store the full output in a list that could be exported to a CSV or similar if wanted.

$User = "testumgebung\cbruehwiler"
$Path = "T:\"
# Generic list object to store output in
$List = New-Object System.Collections.Generic.List[System.Object]

# Fields we want in list, an array of calculated properties.
$OutputFields = @(
    @{name="Item" ;       expression={$_.Path.split(':',3)[-1]}}
    @{name="Rights" ;     expression={$Right.FileSystemRights}}
    @{name="AccessType" ; expression={$Right.AccessControlType}}
) 
# Store all objects in variable
$FileSystemObjects = Get-ChildItem $Path -Recurse | ForEach-Object {Get-Acl $_.FullName}

# Iterate through every object
foreach ($Item in $FileSystemObjects) {
    # Iterate through every individual user right within each object
    # Add it to our list if it matchers our $User
    foreach ($Right in $Item.Access) {
        if ($Right.IdentityReference -eq $User) {
            $List.Add(($Item | Select-Object $OutputFields))
        }
    }   
}
# Output our list to screen.
$List
0
votes

Something like this will get the information you need, like the folder, user and permission. Then you can create the output you want, like csv file, custom object, or whatever suits you needs. 

$user = "testumgebung\cbruehwiler"
$path = "T:\"
$folders = Get-ChildItem $path -Recurse
foreach ($folder in $folders)
{
    $acl = (Get-Acl $folder.FullName).Access | Where-Object { $_.IdentityReference -eq $user }
    # Folder name
    $folder.FullName
    # User/group name
    $acl.IdentityReference
    # Folder permissions
    $acl.FileSystemRights
}

I'm not sure how the permissions is setup in your folder, but remember that this approach you are going will not check if the user is member of a group that has access to the folder, it will only check if the user has direct access to it.