Exports userwise prmission using Powershell

asked 2020-09-23T10:14:24.827+00:00
Kaleemullah bilal 1 Reputation point

Hi,

I am using below procedure to Export the Permissions from the File Server 2012.

This Command Works but create a Empty CSV File and Says that there is Permission issue..

$FolderPath = dir -Directory -Path "\fs1\Shared" -Recurse -Force
$Report = @()
Foreach ($Folder in $FolderPath) {
$Acl = Get-Acl -Path $Folder.FullName
foreach ($Access in $acl.Access)
{
$Properties = [ordered]@{'FolderName'=$Folder.FullName;'AD
Group or
User'=$Access.IdentityReference;'Permissions'=$Access.FileSystemRights;'Inherited'=$Access.IsInherited}
$Report += New-Object -TypeName PSObject -Property $Properties
}
}
$Report | Export-Csv -path "C:\data\FolderPermissions.csv"

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
8,146 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
4,615 questions
No comments
{count} votes

5 answers

Sort by: Most helpful
  1. answered 2020-09-23T11:27:34.873+00:00
    Stoyan Chalakov 8,806 Reputation points Microsoft MVP

    Hi @Kaleemullah bilal ,

    I have just tested your script and it works just fine with me. The .csv contains all the ACLs I needed.
    So I would assume that you just have no "Read" rights on the path, which you want to export.
    Please test with another path, where you have at least read permissions and it should work.

    If for another reason you still face issues, can you please post also the permissions error you get when you try to export the values?
    Can you please also check if the "$Report" variable contains all the permissions?

    Regards,
    Stoyan

    No comments

  2. answered 2020-09-24T03:24:16.467+00:00
    Ian Xue (Shanghai Wicresoft Co., Ltd.) 18,351 Reputation points Microsoft Employee

    Hi,
    The script works for me. Do you have permissions to the path you try to access? If yes, please check the return value of Get-Acl -Path $Folder.FullName. Also try -LiteraPath instead of -Path as there may be a wildcard character like square bracket in directory names.

    Best Regards,
    Ian

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  3. answered 2020-09-24T05:23:37.8+00:00
    Kaleemullah bilal 1 Reputation point

    Below is the Error am getting...Shared Folder has many Subfolders also..i am trying to run the command using Domain Admin..and permssions are set from and to the path am accessing..

    dir : The specified path, file name, or both are too long. The fully qualified file name must be less than 260 characters, and the directory name must
    be less than 248 characters.
    At line:1 char:15

    • $FolderPath = dir -Directory -Path "\neurodc.nsh.com\Shared Folders" -Recurse ...
    • ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    • CategoryInfo : ReadError: (\neurodc.nsh.c..._09_2012_202127:String) [Get-ChildItem], PathTooLongException
    • FullyQualifiedErrorId : DirIOError,Microsoft.PowerShell.Commands.GetChildItemCommand

    dir : The specified path, file name, or both are too long. The fully qualified file name must be less than 260 characters, and the directory name must
    be less than 248 characters.
    At line:1 char:15

    • $FolderPath = dir -Directory -Path "\neurodc.nsh.com\Shared Folders" -Recurse ...
    • ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    • CategoryInfo : ReadError: (\neurodc.nsh.c..._09_2012_202752:String) [Get-ChildItem], PathTooLongException
    • FullyQualifiedErrorId : DirIOError,Microsoft.PowerShell.Commands.GetChildItemCommand
    No comments

  4. answered 2020-09-24T07:31:42.953+00:00
    Stoyan Chalakov 8,806 Reputation points Microsoft MVP

    Hi @Kaleemullah bilal ,

    it is clear now. The error you get does not relate to missing permissions, but is actually due to a know limitation in the Windows API when you work with longer paths.
    Unfortunately there is no clear guide on how to solve this, but there are a few tricks to overcome this limitation. I have selected two working examples for you:

    List All Files Regardless of 260 Character Path Restriction Using PowerShell and Robocopy

    and also

    PowerShell: Increase Default Windows 260-Character Paths Limit

    If you do a research in Internet you will most probably find also other solutions. So you will have to re-write your script to be able to do that.

    Hope I was able to help.

    ----------

    (If the reply was helpful please don't forget to upvote or accept as answer, thank you)
    Best regards,
    Stoyan

    No comments

  5. answered 2020-09-24T08:07:16.683+00:00
    Ian Xue (Shanghai Wicresoft Co., Ltd.) 18,351 Reputation points Microsoft Employee

    Hi,
    According to the error message, the full path is too long. The maximum length of a path defined in Windows APIs is 260 characters. You could use a prefix "\?\UNC\" instead of "\" in the UNC path to call the Unicode version of the Windows APIs. The first line of the script could be like this

    $FolderPath = dir -Directory -LiteralPath '\\?\UNC\fs1\shared' -Recurse -Force  
    

    For more information you may refer to this link
    https://learn.microsoft.com/zh-cn/archive/blogs/bclteam/long-paths-in-net-part-1-of-3-kim-hamilton

    Best Regards,
    Ian

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.