Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Install Module
- Install-Module NTFSSecurity -Force #-AllowClobber
- Get-Command -Module NTFSSecurity
- # Create the Example folder and Secure file
- New-Item -Path C:\Example -ItemType Directory | Out-Null
- "Secure" | Out-File -FilePath C:\Example\Secure.txt
- Get-ChildItem -Path C:\Example
- # Query NTFS rights
- Get-NTFSAccess -Path C:\Example | Format-Table -AutoSize
- Get-NTFSAccess C:\Example\Secure.txt | Format-Table -AutoSize
- # Hjaltitest gets full access to the Examples folder
- $EX = @{
- Path = 'C:\Example'
- Account = 'domain\hjaltitest'
- AccessRights = 'FullControl'
- }
- Add-NTFSAccess @EX -PassThru
- # hjaltitest rights are withdrawn again
- $EX = @{
- Path = 'C:\Example'
- Account = 'domain\hjaltitest'
- AccessRights = 'FullControl'
- }
- Remove-NTFSAccess @EX -PassThru
- # Disable inheritance and remove parent rights
- $EX = @{
- Path = 'C:\Example'
- RemoveInheritedAccessRules = $True
- }
- Disable-NTFSAccessInheritance @EX -PassThru
- # hjaltitest only gets full access to the Example folder and all the data underneath
- $EX = @{
- Path = 'C:\Example'
- Account = 'domain\hjaltitest'
- AccessRights = 'FullControl'
- }
- Add-NTFSAccess @EX -PassThru
- # Query NTFS rights
- Get-NTFSAccess -Path C:\Example | Format-Table -AutoSize
- Get-NTFSAccess C:\Example\Secure.txt | Format-Table -AutoSize
- # Create the Example folder and Secure2 file
- New-Item -Path C:\Example\Subfolder1 -ItemType Directory | Out-Null
- "Secure" | Out-File -FilePath C:\Example\Subfolder1\Secure2.txt
- Get-ChildItem -Path C:\Example\Subfolder1
- # hjaltitest only gets read rights to the subfolder and all the data underneath it
- $EX = @{
- Path = 'C:\Example\Subfolder1'
- Account = 'domain\hjaltitest'
- AccessRights = 'Read'
- }
- Add-NTFSAccess @EX -PassThru
- # hjaltitest gets Modify rights to the subfolder and all the data underneath it
- $EX = @{
- Path = 'C:\Example\Subfolder1\Testdata.txt'
- Account = 'domain\hjaltitest'
- AccessRights = 'Modify'
- }
- Add-NTFSAccess @EX -PassThru
- # hjaltitest gets the right to read and execute on the test file.txt in the subfolder
- $EX = @{
- Path = 'C:\Example\Subfolder1\Testdata.txt'
- Account = 'domain\hjaltitest'
- AccessRights = 'ReadandExecute'
- }
- Add-NTFSAccess @EX -PassThru
- # hjaltitest only gets the right to change permissions on the test file.txt in the subfolder
- $EX = @{
- Path = 'C:\Example\Subfolder1\Testdata.txt'
- Account = 'domain\hjaltitest'
- AccessRights = 'Change'
- }
- Add-NTFSAccess @EX -PassThru
- # hjaltitest only becomes the owner of the Example folder
- $EX = @{
- Path = 'C:\Example'
- Account = 'domain\hjaltitest'
- }
- Set-NTFSOwner @EX -PassThru
- # Activate inheritance of the Example folder again, the higher-level permissions are set again
- $EX = @{
- Path = 'C:\Example'
- }
- Enable-NTFSAccessInheritance @EX -PassThru
- # Show which permissions were set manually but not inherited permissions
- Dir 'C:\Example' | Get-NTFSAccess –ExcludeInherite
- # Remove all permissions on the folder except for the inherited ones
- $EX = @{
- Path = 'C:\Example'
- }
- Clear-NTFSAccess @EX
- # Recursively remove all permissions that have been set manually on the folder except for the inherited ones
- Get-ChildItem -Path 'C:\Example' -Recurse -Force | Clear-NTFSAccess
- # Show effective NTFS permissions on folders of a specific user
- Get-ChildItem -Path 'C:\Example' -Recurse -Directory | Get-NTFSEffectiveAccess -Account 'domain\hjaltitest' | select Account, AccessControlType, AccessRights, FullName
- # Show effective permissions of a file
- Get-Item -Path 'C:\Example\Secure.txt' | Get-NTFSEffectiveAccess -Account 'domain\hjaltitest' | Format-List
- # Create report of a folder recursively
- $FolderPath = Get-ChildItem -Directory -Path "C:\Temp" -Recurse -Force
- $Output = @()
- ForEach ($Folder in $FolderPath) {
- $Acl = Get-Acl -Path $Folder.FullName
- ForEach ($Access in $Acl.Access) {
- $Properties = [ordered]@{'Folder Name'=$Folder.FullName;'Group/User'=$Access.IdentityReference;'Permissions'=$Access.FileSystemRights;'Inherited'=$Access.IsInherited}
- $Output += New-Object -TypeName PSObject -Property $Properties
- }
- }
- $Output | Export-csv -Path "D:\Report.csv" -Encoding UTF8
- # Change ownership and give a group full access to files
- $AL = Get-Content "C:\Temp\AccessList.txt"
- foreach ($i in $AL)
- {
- If(Test-Path $i)
- {
- Write-Host "Ändere den Owner des Ordners $i" -Foreground Green
- Get-Item $i | Set-NTFSOwner -Account 'dwp.local\JW'
- Get-Item $i | Add-NTFSAccess -Account 'dwp.local\JW' -AccessRights FullControl
- Get-Item $i | Add-NTFSAccess -Account 'NT AUTHORITY\System' -AccessRights FullControl
- $items = @()
- $items = $null
- $path = $null
- $items = Get-Childitem $i -recurse -force
- foreach($item in $items)
- {
- $path = $item.FullName
- Write-Host "Die Gruppe File-Admins bekommt Vollzugriff auf $path" -Foreground Green
- Get-Item -force $path | Set-NTFSOwner -Account 'dwp.local\FileAdmin'
- Get-Item -force $path | Add-NTFSAccess -Account 'dwp.local\FileAdmin' -AccessRights FullControl
- }
- }
- }
- # Output the syntax of the NTFSSecurity module
- Get-Command -Module NTFSSecurity -CommandType Cmdlet -Syntax | Out-GridView
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement