Export folder permission using PowerShell

Recently we where moving folder and shares from one server to another. We need to confirm that the folder and permissions were the same on both the old and new share.

To do this I used PowerShell to export the pre and post move permissions and compare the results.

Below is the full script I will be using two commands to get most of the information

Get-ChildItem and Get-Acl.  The three parts that would need to be updated are the export path, search path and the export file name.

## Export Path
$ExportPath = “C:\temp\Export”
## Search Path
$Search = “\\lab-host01\sources”
## Results variable
$results = @()
## Get Folders
$Folders = Get-ChildItem -Path $Search |  Select-Object Name,FullName,LastWriteTime,Length
foreach ($Folder in $Folders){
$size = ((Get-ChildItem -Path $Folder.FullName -Recurse | Measure-Object -Property Length -Sum -ErrorAction SilentlyContinue).Sum / 1MB)
## Get access control list
$Acls = Get-Acl -Path $Folder.FullName -ErrorAction SilentlyContinue
## Loop through ACL
foreach ($Acl in $Acls.Access) {
if ($Acl.IdentityReference -notlike “BUILTIN\Administrators” -and $Acl.IdentityReference -notlike “CREATOR OWNER” -and
$Acl.IdentityReference -notlike “NT AUTHORITY\SYSTEM” -and $Acl.FileSystemRights -notlike “-*” -and  $Acl.FileSystemRights -notlike “268435456”`
-and $Acl.IdentityReference -notlike “S-1-*”){
## formate properties for result hash table
$properties = @{
FolderName = $Folder.Name
FolderPath = $Folder.FullName
IdentityReference = $Acl.IdentityReference.ToString()
Size = [math]::Round($size,2)
Permissions = $Acl.FileSystemRights
AccessControlType = $Acl.AccessControlType.ToString()
IsInherited = $Acl.IsInherited
}
$results += New-Object psobject -Property $properties
            }
        }
    }
## Export results
$results | Select-Object FolderName,FolderPath,IdentityReference,Size,Permissions,AccessControlType,IsInherited |
Export-Csv -Path $ExportPath\Pre_Permission.csv -Append -NoTypeInformation
I ran the script and changed the exported csv name to pre and post to be used to compare.
Per1
Below is what the export should look like.
Per2
Per3
Once the pre and post export are done we can use compare-object to find any differences. Below is the script I used.
Just need to update the import-csv paths, I was moving to a share that would have the FQDN so if that is not the case you can removed the FolderPath from the compare-Object property otherwise all result will not match.
$PreCIFSCheck = Import-Csv -Path “D:\Scripts\Folder_Permissions\Export\Pre_Permission.csv”
$PostCIFSCheck = Import-Csv -Path  “D:\Scripts\Folder_Permissions\Export\Post_Permission.csv”
$comparePermssions = Compare-Object $PreCIFSCheck $PostCIFSCheck -Property FolderName,FolderPath,IdentityReference,Permissions,AccessControlType
if ($comparePermssions){
Foreach ($Folder in $comparePermssions){
Write-Warning “Permssion missing from $($Folder.FolderName)”
$Folder | Export-Csv -Path “D:\Scripts\Folder_Permissions\Export\Compare_Results.csv” -NoTypeInformation -Append
            }
    }
Per4Per5
Below is the export results showing the difference between the pre and post move Per6

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s