我试图限制此脚本的递归深度,该脚本生成文件夹,关联的安全组以及每个组的成员的列表。我正在使用PowerShell 5.1。
我尝试在第18行添加-Depth 3
(如下所示),但我仍然获得所有级别。运行脚本时,我尝试在命令行上添加-Depth 3
,但是会出错。
这是我用来运行脚本的命令:
./Get_folder_acls_depth_test.ps1 -Path I:\dir_name -Recurse | Export-Csv c:\temp\dir_name.csv
我也尝试过,但是出现错误:
./Get_folder_acls_depth_test.ps1 -Path I:\dir_name -Recurse -Depth 3 | Export-Csv c:\temp\dir_name.csv
[CmdletBinding()]
Param(
[ValidateScript({Test-Path $_ -PathType Container})]
[Parameter(Mandatory=$true)]
[string]$Path,
[switch]$Recurse
)
Write-Verbose "$(Get-Date): Script begins!"
Write-Verbose "Getting domain name..."
$Domain = (Get-ADDomain).NetBIOSName
Write-Verbose "Getting ACLs for folder $Path"
if ($Recurse) {
Write-Verbose "...and all sub-folders"
Write-Verbose "Gathering all folder names, this could take a long time on bigger folder trees..."
$Folders = Get-ChildItem -Path $Path -Directory -Recurse -Depth 3
} else {
$Folders = Get-Item -Path $Path
}
Write-Verbose "Gathering ACL's for $($Folders.Count) folders..."
foreach ($Folder in $Folders) {
Write-Verbose "Working on $($Folder.FullName)..."
$ACLs = Get-Acl $Folder.FullName | ForEach-Object { $_.Access }
foreach ($ACL in $ACLs) {
if ($ACL.IdentityReference -match "\\") {
if ($ACL.IdentityReference.Value.Split("\")[0].ToUpper() -eq $Domain.ToUpper()) {
$Name = $ACL.IdentityReference.Value.Split("\")[1]
if ((Get-ADObject -Filter 'SamAccountName -eq $Name').ObjectClass -eq "group") {
foreach ($User in (Get-ADGroupMember $Name -Recursive | Select -ExpandProperty Name)) {
$Result = New-Object PSObject -Property @{
Path = $Folder.Fullname
Group = $Name
User = $User
FileSystemRights = $ACL.FileSystemRights
AccessControlType = $ACL.AccessControlType
Inherited = $ACL.IsInherited
}
$Result | Select Path,Group,User,FileSystemRights
}
} else {
$Result = New-Object PSObject -Property @{
Path = $Folder.Fullname
Group = ""
User = Get-ADUser $Name | Select -ExpandProperty Name
FileSystemRights = $ACL.FileSystemRights
AccessControlType = $ACL.AccessControlType
Inherited = $ACL.IsInherited
}
$Result | Select Path,Group,User,FileSystemRights
}
} else {
$Result = New-Object PSObject -Property @{
Path = $Folder.Fullname
Group = ""
User = $ACL.IdentityReference.Value
FileSystemRights = $ACL.FileSystemRights
AccessControlType = $ACL.AccessControlType
Inherited = $ACL.IsInherited
}
$Result | Select Path,Group,User,FileSystemRights
}
}
}
}
Write-Verbose "$(Get-Date): Script completed!"
该脚本适用于获取所有级别,我只想将其限制为2-4级。
答案 0 :(得分:0)
我测试了这种对您脚本的黑客攻击,以检查您的if / else语句是否正常运行,并且得到正确的结果:
function Test-Recurse {
Param(
[ValidateScript( {Test-Path $_ -PathType Container})]
[Parameter(Mandatory = $true)]
[string]$Path,
[switch]$Recurse
)
begin {
Write-Verbose "$(Get-Date): Script begins!"
$folders = $null
}
process {
if ($Recurse) {
Write-Output -InputObject "Recurse has been selected"
$folders = Get-ChildItem -Path $Path -Directory -Recurse -Depth 3
}
else {
Write-Output -InputObject "Recurse has NOT been selected"
$folders = Get-ChildItem -Path $Path -Directory
}
}
end {
return $folders.fullName
}
}
PS C:\ GitHub \ Guyver1wales \ PowerShell>测试递归-路径c:\ programdata \ razer
未选择递归
C:\ programdata \ razer \ Installer
C:\ programdata \ razer \ Razer Central
C:\ programdata \ razer \ RzEndpointPicker
C:\ programdata \ razer \ Services
C:\ programdata \ razer \ ServiceSetup
C:\ programdata \ razer \ Synapse
PS C:\ GitHub \ Guyver1wales \ PowerShell>测试递归-Path
c:\ programdata \ razer-递归
已选择递归
C:\ programdata \ razer \ Installer
C:\ programdata \ razer \ Razer Central
C:\ programdata \ razer \ RzEndpointPicker
C:\ programdata \ razer \ Services
C:\ programdata \ razer \ ServiceSetup
C:\ programdata \ razer \ Synapse
C:\ programdata \ razer \ Installer \ Logs
C:\ programdata \ razer \ Razer Central \ Icons
C:\ programdata \ razer \ Razer Central \ Logs
C:\ programdata \ razer \ Razer Central \ Icons \ Dark
C:\ programdata \ razer \ Razer Central \ Icons \ Lifestyle
C:\ programdata \ razer \ Razer Central \ Icons \ Light
C:\ programdata \ razer \ RzEndpointPicker \ Accounts
C:\ programdata \ razer \ Services \ Logs
C:\ programdata \ razer \ Synapse \ Accounts
C:\ programdata \ razer \ Synapse \ CrashReporter
C:\ programdata \ razer \ Synapse \ Devices
C:\ programdata \ razer \ Synapse \ Logs
C:\ programdata \ razer \ Synapse \ Mats
C:\ programdata \ razer \ Synapse \ Modules
...
C:\ programdata \ razer \ Synapse \ ProductUpdates \ Uninstallers
C:\ programdata \ razer \ Synapse \ ProductUpdates \ Uninstallers \ RazerCommonConfig
C:\ programdata \ razer \ Synapse \ ProductUpdates \ Uninstallers \ RazerDeathAdder3500Config
C:\ programdata \ razer \ Synapse \ ProductUpdates \ Uninstallers \ RazerFonts
C:\ programdata \ razer \ Synapse \ ProductUpdates \ Uninstallers \ Razer_Common_Driver
PS C:\ GitHub \ Guyver1wales \ PowerShell>
-深度从0开始,因此-深度3将显示4个子文件夹: C:\ programdata \ razer \ Synapse \ ProductUpdates \ Uninstallers \ RazerDeathAdder3500Config
0 = \突触
1 = \ ProductsUpdates
2 = \卸载程序
3 = \ RazerDeathAdder3500Config