Powershell-NTFSSecurity-Example

1. # Install Module
2. Install-Module NTFSSecurity -Force #-AllowClobber
3. Get-Command -Module NTFSSecurity
4.  
5. # Create the Example folder and Secure file
6. New-Item -Path C:\Example -ItemType Directory | Out-Null
7. "Secure" | Out-File -FilePath C:\Example\Secure.txt
8. Get-ChildItem -Path C:\Example
9.  
10. # Query NTFS rights
11. Get-NTFSAccess -Path C:\Example | Format-Table -AutoSize
12. Get-NTFSAccess C:\Example\Secure.txt | Format-Table -AutoSize
13.  
14. # Hjaltitest gets full access to the Examples folder
15. $EX = @{
16. Path = 'C:\Example'
17. Account = 'domain\hjaltitest'
18. AccessRights = 'FullControl'
19. }
20. Add-NTFSAccess @EX -PassThru
21.  
22. # hjaltitest rights are withdrawn again
23. $EX = @{
24. Path = 'C:\Example'
25. Account = 'domain\hjaltitest'
26. AccessRights = 'FullControl'
27. }
28. Remove-NTFSAccess @EX -PassThru
29.  
30. # Disable inheritance and remove parent rights
31. $EX = @{
32. Path = 'C:\Example'
33. RemoveInheritedAccessRules = $True
34. }
35. Disable-NTFSAccessInheritance @EX -PassThru
36.  
37. # hjaltitest only gets full access to the Example folder and all the data underneath
38. $EX = @{
39. Path = 'C:\Example'
40. Account = 'domain\hjaltitest'
41. AccessRights = 'FullControl'
42. }
43. Add-NTFSAccess @EX -PassThru
44.  
45. # Query NTFS rights
46. Get-NTFSAccess -Path C:\Example | Format-Table -AutoSize
47. Get-NTFSAccess C:\Example\Secure.txt | Format-Table -AutoSize
48.  
49.  
50. # Create the Example folder and Secure2 file
51. New-Item -Path C:\Example\Subfolder1 -ItemType Directory | Out-Null
52. "Secure" | Out-File -FilePath C:\Example\Subfolder1\Secure2.txt
53. Get-ChildItem -Path C:\Example\Subfolder1
54.  
55.  
56. # hjaltitest only gets read rights to the subfolder and all the data underneath it
57. $EX = @{
58. Path = 'C:\Example\Subfolder1'
59. Account = 'domain\hjaltitest'
60. AccessRights = 'Read'
61. }
62. Add-NTFSAccess @EX -PassThru
63.  
64. # hjaltitest gets Modify rights to the subfolder and all the data underneath it
65. $EX = @{
66. Path = 'C:\Example\Subfolder1\Testdata.txt'
67. Account = 'domain\hjaltitest'
68. AccessRights = 'Modify'
69. }
70. Add-NTFSAccess @EX -PassThru
71.  
72. # hjaltitest gets the right to read and execute on the test file.txt in the subfolder
73. $EX = @{
74. Path = 'C:\Example\Subfolder1\Testdata.txt'
75. Account = 'domain\hjaltitest'
76. AccessRights = 'ReadandExecute'
77. }
78. Add-NTFSAccess @EX -PassThru
79.  
80. # hjaltitest only gets the right to change permissions on the test file.txt in the subfolder
81. $EX = @{
82. Path = 'C:\Example\Subfolder1\Testdata.txt'
83. Account = 'domain\hjaltitest'
84. AccessRights = 'Change'
85. }
86. Add-NTFSAccess @EX -PassThru
87.  
88. # hjaltitest only becomes the owner of the Example folder
89. $EX = @{
90. Path = 'C:\Example'
91. Account = 'domain\hjaltitest'
92. }
93. Set-NTFSOwner @EX -PassThru
94.  
95. # Activate inheritance of the Example folder again, the higher-level permissions are set again
96. $EX = @{
97. Path = 'C:\Example'
98. }
99. Enable-NTFSAccessInheritance @EX -PassThru
100.  
101. # Show which permissions were set manually but not inherited permissions
102. Dir 'C:\Example' | Get-NTFSAccess –ExcludeInherite
103.  
104. # Remove all permissions on the folder except for the inherited ones
105. $EX = @{
106. Path = 'C:\Example'
107. }
108. Clear-NTFSAccess @EX
109.  
110. # Recursively remove all permissions that have been set manually on the folder except for the inherited ones
111. Get-ChildItem -Path 'C:\Example' -Recurse -Force | Clear-NTFSAccess
112.  
113. # Show effective NTFS permissions on folders of a specific user
114. Get-ChildItem -Path 'C:\Example' -Recurse -Directory | Get-NTFSEffectiveAccess -Account 'domain\hjaltitest' | select Account, AccessControlType, AccessRights, FullName
115.  
116. # Show effective permissions of a file
117. Get-Item -Path 'C:\Example\Secure.txt' | Get-NTFSEffectiveAccess -Account 'domain\hjaltitest' | Format-List
118.  
119. # Create report of a folder recursively
120.  
121. $FolderPath = Get-ChildItem -Directory -Path "C:\Temp" -Recurse -Force
122. $Output = @()
123. ForEach ($Folder in $FolderPath) {
124. $Acl = Get-Acl -Path $Folder.FullName
125. ForEach ($Access in $Acl.Access) {
126. $Properties = [ordered]@{'Folder Name'=$Folder.FullName;'Group/User'=$Access.IdentityReference;'Permissions'=$Access.FileSystemRights;'Inherited'=$Access.IsInherited}
127. $Output += New-Object -TypeName PSObject -Property $Properties
128. }
129. }
130. $Output | Export-csv -Path "D:\Report.csv" -Encoding UTF8
131.  
132. # Change ownership and give a group full access to files
133.  
134. $AL = Get-Content "C:\Temp\AccessList.txt"
135. foreach ($i in $AL)
136. {
137. If(Test-Path $i)
138. {
139. Write-Host "Ändere den Owner des Ordners $i" -Foreground Green
140. Get-Item $i | Set-NTFSOwner -Account 'dwp.local\JW'
141. Get-Item $i | Add-NTFSAccess -Account 'dwp.local\JW' -AccessRights FullControl
142. Get-Item $i | Add-NTFSAccess -Account 'NT AUTHORITY\System' -AccessRights FullControl
143.  
144. $items = @()
145. $items = $null
146. $path = $null
147. $items = Get-Childitem $i -recurse -force
148. foreach($item in $items)
149. {
150. $path = $item.FullName
151. Write-Host "Die Gruppe File-Admins bekommt Vollzugriff auf $path" -Foreground Green
152. Get-Item -force $path | Set-NTFSOwner -Account 'dwp.local\FileAdmin'
153. Get-Item -force $path | Add-NTFSAccess -Account 'dwp.local\FileAdmin' -AccessRights FullControl
154. }
155. }
156. }
157.  
158. # Output the syntax of the NTFSSecurity module
159. Get-Command -Module NTFSSecurity -CommandType Cmdlet -Syntax | Out-GridView
160.