Exports userwise prmission using Powershell

Kaleemullah bilal 1 Reputation point
2020-09-23T10:14:24.827+00:00

Hi,

I am using below procedure to Export the Permissions from the File Server 2012.

This Command Works but create a Empty CSV File and Says that there is Permission issue..

$FolderPath = dir -Directory -Path "\fs1\Shared" -Recurse -Force
$Report = @()
Foreach ($Folder in $FolderPath) {
$Acl = Get-Acl -Path $Folder.FullName
foreach ($Access in $acl.Access)
{
$Properties = [ordered]@{'FolderName'=$Folder.FullName;'AD
Group or
User'=$Access.IdentityReference;'Permissions'=$Access.FileSystemRights;'Inherited'=$Access.IsInherited}
$Report += New-Object -TypeName PSObject -Property $Properties
}
}
$Report | Export-Csv -path "C:\data\FolderPermissions.csv"

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,083 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,355 questions
0 comments No comments
{count} votes

5 answers

Sort by: Most helpful
  1. SChalakov 10,261 Reputation points MVP
    2020-09-23T11:27:34.873+00:00

    Hi @Kaleemullah bilal ,

    I have just tested your script and it works just fine with me. The .csv contains all the ACLs I needed.
    So I would assume that you just have no "Read" rights on the path, which you want to export.
    Please test with another path, where you have at least read permissions and it should work.

    If for another reason you still face issues, can you please post also the permissions error you get when you try to export the values?
    Can you please also check if the "$Report" variable contains all the permissions?

    Regards,
    Stoyan

    1 person found this answer helpful.
    0 comments No comments

  2. Ian Xue (Shanghai Wicresoft Co., Ltd.) 29,486 Reputation points Microsoft Vendor
    2020-09-24T03:24:16.467+00:00

    Hi,
    The script works for me. Do you have permissions to the path you try to access? If yes, please check the return value of Get-Acl -Path $Folder.FullName. Also try -LiteraPath instead of -Path as there may be a wildcard character like square bracket in directory names.

    Best Regards,
    Ian

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  3. Kaleemullah bilal 1 Reputation point
    2020-09-24T05:23:37.8+00:00

    Below is the Error am getting...Shared Folder has many Subfolders also..i am trying to run the command using Domain Admin..and permssions are set from and to the path am accessing..

    dir : The specified path, file name, or both are too long. The fully qualified file name must be less than 260 characters, and the directory name must
    be less than 248 characters.
    At line:1 char:15

    • $FolderPath = dir -Directory -Path "\neurodc.nsh.com\Shared Folders" -Recurse ...
    • ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    • CategoryInfo : ReadError: (\neurodc.nsh.c..._09_2012_202127:String) [Get-ChildItem], PathTooLongException
    • FullyQualifiedErrorId : DirIOError,Microsoft.PowerShell.Commands.GetChildItemCommand

    dir : The specified path, file name, or both are too long. The fully qualified file name must be less than 260 characters, and the directory name must
    be less than 248 characters.
    At line:1 char:15

    • $FolderPath = dir -Directory -Path "\neurodc.nsh.com\Shared Folders" -Recurse ...
    • ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    • CategoryInfo : ReadError: (\neurodc.nsh.c..._09_2012_202752:String) [Get-ChildItem], PathTooLongException
    • FullyQualifiedErrorId : DirIOError,Microsoft.PowerShell.Commands.GetChildItemCommand
    0 comments No comments

  4. SChalakov 10,261 Reputation points MVP
    2020-09-24T07:31:42.953+00:00

    Hi @Kaleemullah bilal ,

    it is clear now. The error you get does not relate to missing permissions, but is actually due to a know limitation in the Windows API when you work with longer paths.
    Unfortunately there is no clear guide on how to solve this, but there are a few tricks to overcome this limitation. I have selected two working examples for you:

    List All Files Regardless of 260 Character Path Restriction Using PowerShell and Robocopy

    and also

    PowerShell: Increase Default Windows 260-Character Paths Limit

    If you do a research in Internet you will most probably find also other solutions. So you will have to re-write your script to be able to do that.

    Hope I was able to help.

    ----------

    (If the reply was helpful please don't forget to upvote or accept as answer, thank you)
    Best regards,
    Stoyan

    0 comments No comments

  5. Ian Xue (Shanghai Wicresoft Co., Ltd.) 29,486 Reputation points Microsoft Vendor
    2020-09-24T08:07:16.683+00:00

    Hi,
    According to the error message, the full path is too long. The maximum length of a path defined in Windows APIs is 260 characters. You could use a prefix "\?\UNC\" instead of "\" in the UNC path to call the Unicode version of the Windows APIs. The first line of the script could be like this

    $FolderPath = dir -Directory -LiteralPath '\\?\UNC\fs1\shared' -Recurse -Force  
    

    For more information you may refer to this link
    https://learn.microsoft.com/zh-cn/archive/blogs/bclteam/long-paths-in-net-part-1-of-3-kim-hamilton

    Best Regards,
    Ian

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.