My end goal is to find what groups have rights to which data path's. Now I don't have access to everything and the root data path has a lot of data and many different levels so I want to limit how many levels down I look in the data path as well.
I've written the following script to get the permissions and only go three levels deep. I'm having a issue with logging the errors I get and I'm hoping someone can help. If someone else has an more effecient way to accomplish this I'd be very interested in learning about it.
Thanks to anyone and everyone that posts I do appreciate the help.
$Passed = @() $Failed = "C:\TEMP\Perm-Failed.txt" $RootPath = "\\Data\Path" @(gi $RootPath;gci $RootPath ;gci $RootPath\*; gci $RootPath\*\*; gci $RootPath\*\*\*)|where{$_.psiscontainer -eq $True}| foreach-object { $FilePath = $_.fullname Try { $Passed += get-acl $_.fullname |select @{n='Path';e={Split-Path $_.Path-NoQualifier}} -expand access | select Path, IdentityReference, FileSystemRights, IsInherited #select Path, IdentityReference, FileSystemRights, IsInherited, pschildname, pspath, accesstostring } Catch { $FilePath | Add-Content $Failed } } $Passed | export-csv "C:\temp\Perm-4-atcgroups-data.csv"
Here are some examples of the errors I'm trying to get: Get-ChildItem : Access to the path '\\Data\path\Sub-folder\someCharts' is denied. Get-Acl : Attempted to perform an unauthorized operation Get-ChildItem : Logon Failure: The target account name is incorrect. Get-ChildItem : The network path was not found.
I did find this link and the post from "Kazun" but haven't been able to get it to work. http://social.technet.microsoft.com/Forums/windowsserver/en-US/59558a13-6c46-4aeb-b152-96ce19467267/error-handling-during-getacl-access-denied?forum=winserverpowershell
Thanks in Adavance