How's that for a title?
I have this script I've been working on that does two basic things: a) Use get-ntfsaccess to pull the security for a folder and then b) use the output to look up the group members of the groups that have access.

$Outfile2 = "C:\Users\local\Documents\GroupMembers.csv"
$Header2 = "GroupName,Member"
Add-Content -Value $Header2 -Path $Outfile2
$RootPath = "p:\city\Department\building"
$Folders = get-childitem2 -directory -recurse -path $RootPath
foreach ($Folder in $Folders){
    $ACLs = Get-NTFSAccess $Folder.fullname
    Foreach ($ACL in $ACLs){
        If ($Acl.accounttype -match 'group' -and $acl.Account.accountname -notmatch '^builtin|^NT AUTHORITY\\|^Creator|^AD\\Domain')
        {
            $members = Get-ADGroupMember $acl.Account.accountname.TrimStart("AD\\")
        }
        Foreach ($member in $members) {
            $OutInfo = $ACL.Account.AccountName + "," + $member.samaccountname
            Add-Content -Value $OutInfo -Path $OutFile2
        }
    }
}

I'd like to be able to filter the output of get-ntfsaccess. I want to only look up 'groups' and groups that aren't the base groups (like builtin, domain admins, etc.) but my match and not match aren't working in the script. If I take that exact same line and run it from the prompt - it works.
PS C:\Windows\system32> $acl.Account.accountname -notmatch '^builtin|^NT AUTHORITY\\|^Creator|^AD\\Domain'
True
When run as part of the script - doesn't work. My output includes all of the domain base groups and users. I'd like to also eventually add -unique to only get unique groups but this part has got me stumped....
Thanks in advance...!
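
An added example, not part of the original post: in the script above the `Foreach ($member in $members)` loop sits after the `If` block's closing brace, so it runs for every ACE and writes whatever `$members` still holds from the last group that passed the filter. The sketch below filters and de-duplicates the groups first and only then looks up members; the ACE objects and the `$Directory` table are constructed stand-ins for Get-NTFSAccess and Get-ADGroupMember output, and `Get-AuditableGroup` and `New-SampleAce` are hypothetical helper names.

```powershell
# Added example. Property names (AccountType, Account.AccountName) and the
# exclusion regex are taken from the post; everything else is constructed.
function Get-AuditableGroup {
    # Unique names of group ACEs that are not default/built-in principals.
    param(
        [object[]]$Ace,
        [string]$Exclude = '^builtin|^NT AUTHORITY\\|^Creator|^AD\\Domain'
    )
    $Ace |
        Where-Object { $_.AccountType -match 'group' -and
                       $_.Account.AccountName -notmatch $Exclude } |
        ForEach-Object { $_.Account.AccountName } |
        Sort-Object -Unique
}

function New-SampleAce ($Name, $Type) {
    # Hypothetical helper: builds an object shaped like the ACEs in the post.
    [pscustomobject]@{
        AccountType = $Type
        Account     = [pscustomobject]@{ AccountName = $Name }
    }
}

# Constructed ACEs, as if collected from several folders.
$SampleAces = @(
    New-SampleAce 'BUILTIN\Administrators' 'Group'
    New-SampleAce 'AD\Domain Admins'       'Group'
    New-SampleAce 'AD\Accounting'          'Group'
    New-SampleAce 'AD\jsmith'              'User'
    New-SampleAce 'AD\Accounting'          'Group'   # repeated on a second folder
    New-SampleAce 'AD\DataTeam'            'Group'
)

# Constructed membership table; in a domain, Get-ADGroupMember $Sam goes here.
$Directory = @{ Accounting = 'alee', 'bkhan'; DataTeam = 'cortiz' }

$Rows = foreach ($Group in (Get-AuditableGroup -Ace $SampleAces)) {
    # -replace removes only the literal "AD\" prefix. TrimStart("AD\\") treats its
    # argument as a set of characters and would turn "AD\DataTeam" into "ataTeam".
    $Sam = $Group -replace '^AD\\', ''
    # The member loop is nested in the per-group loop, so only filtered groups emit rows.
    foreach ($Member in $Directory[$Sam]) {
        [pscustomobject]@{ GroupName = $Group; Member = $Member }
    }
}
$Rows | ConvertTo-Csv -NoTypeInformation
```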