Filesystem Audit Powershell
WIP, just throwing things down on paper at the moment.
Contents
Purpose
To generate a list of permissions on a network share, dump to database, compare to list of users from AD, generate reports as to what users have access too.
Process
This was a an uphill battle trying to re-learn objects (It has been a while since my last need for powershell). Trying to desing a new domain forest and security groups caused me to need to understand the current deployment. The idea with the current desing was to keep things simple, but business requirements got out of hand. [1]
(get-item \\network-share\directory).GetAccessControl() | select -ExpandProperty access | select identityreference,filesystemrights,isinherited
For matching regex[2]
Issues
One issue is the limited Windows API call that maxes out at 260 characters. This is a well documented problem that requires the use of unicode paths<https://blogs.msdn.microsoft.com/bclteam/2007/02/13/long-paths-in-net-part-1-of-3-kim-hamilton/</ref>
Other Notes
I ran into a FileSystemRights setting called Synchronize[3]. This is important to sync the contents of containers with the container. In other words this allows you to be able to open the contents using the path provided. Or something like that.
- ↑ https://blogs.technet.microsoft.com/zarkatech/2012/01/14/audit-file-server-permissions-using-powershell/
- ↑ https://stackoverflow.com/questions/804754/how-do-i-return-only-the-matching-regular-expression-when-i-select-stringgrep
- ↑ https://rohnspowershellblog.wordpress.com/2015/01/16/what-does-the-synchronize-file-system-right-mean/
