Using Get-Acl to Identify Administrator Permissions

A good friend – a certain Mr X - asked me the following:

 

“…Do you happen to have a PowerShell command or script that would look at a Fileserver and dump out all the files and folders that the Administrator has permissions on?...”

 

Well, I didn’t have a snippet to do that, but I do now J

 

The following was written to work with PS v2.

 

Get permissions on items in a folder using Get-ChildItem piped to Get-Acl:

 

$Items = Get-ChildItem C:\Windows | Get-Acl

 

 

Get permissions on items in a drive using the same technique:

 

$Items = Get-ChildItem C:\ -Recurse | Get-Acl

 

 

 

Loop through each file or folder collected ($Item) and expand the ‘Access’ property. Test each identity stored in the ‘IdentityReference’ property to see if it contains the ‘*Administrators*’ string. If it does, write the item path and the complete identity reference to the console.

 

 

ForEach ($Item in $Items) {

 

    $Ids = $Item | Select-Object -ExpandProperty Access

 

        ForEach ($Id in $Ids) {

 

            If ($Id.IdentityReference -like "*Administrators*") {

 

                Write-Host "$($Item.Path),$($Id.IdentityReference)"

 

            }   #End of If ($Id.IdentityReference -like "*Administrators*")

 

        }   #End of ForEach ($Id in $Ids)

 

}   #End of ForEach ($Item in $Items)

 

 

 

For example:

 

 

 

Update Write-Host to an append redirection operator (>>) or pipe the string to Out-File for a report…

 

"$($Item.Path),$($Id.IdentityReference)" >> results.txt

 

 

I also pointed Mr X in the direction of the following PS module and, specifically, the ‘Get-EffectivePermissions’ function:

 

File System Security PowerShell Module 2.4

https://gallery.technet.microsoft.com/scriptcenter/1abd77a5-9c0b-4a2b-acef-90dbb2b84e85

 

 

Laters!

Comments

• Anonymous
  February 28, 2014
  Thanks