Use get-acl to display the owner and the NTFS permissions that have been applied.
(get-acl "C:\Temp\").owner
(get-acl "C:\Temp\").access
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
I wonder if it is possible to get the name of the security group that is associated with a given path in network folders, e.g. N: \ DLSI \ Exmaple. Additionally, am I able to obtain the owner of this particular security group?
Use get-acl to display the owner and the NTFS permissions that have been applied.
(get-acl "C:\Temp\").owner
(get-acl "C:\Temp\").access
This is working but takes data from NTFS premmision, i try to find out the name of the security group at Active directory.
Well you still need to look at the NTFS permissions to get the name of the AD group. I assume that you are looking for the ManagedBy property. I do not have access to an AD environment to test with, so you will need adjust the Get-ADGroup cmdlet to fit your environment.
(get-acl "N:\DLSI" ).access | foreach {
"Testing {0}" -f $_.identityreference
$id = $_.identityreference.tostring().split("\") # expecting BUILTIN\Administrators or domain\group
if ($id.count -ne 2) {
"This can't be a domain group."
return
}
if ($id[0] -match "BUILTIN|NT AUTHORITY|NT SERVICE") { # look for local identity
"Skipping local identity."
return
}
"This looks like a domain entry."
"Domain name is {0]" -f $id[0]
"This could be a group or user: {0}" -f $id[1]
$group = Get-ADGroup -identity $id[1] -properties * # See https://lazyadmin.nl/powershell/get-adgroup/
if ($group) {
"We have an object."
"It's managedby property is {0}" -f $group.managedby
} else {
"We didn't find a group."
}
}
Hello,
The basic way to determine this is to scan all your folders and shares, get the permissions for each, then filter those perms for the Security groups of interest.
In a small data environment, this isn't too bad.
In a large data environment, it's much more complex and probably needs a lot of planning.
Let's say your main datastore is \server\share1.
in Powershell run:
$folders = gci -path \server\share1 -force -recurse -directory |select -exp FullName
foreach ($folder in $folders) {
$rights = (Get-ACL $folder).Access|where {$_.IdentityReference -eq "$MyGroup"}
}
$rights will have their info if they're accessed to the folder.
You have more work if there are multiple groups of interest; if you're lucky, they'll be named similarly and you can use a "-like" filter with wildcards.
---------------------------------------------------------------------------------------------------------------------------------------------------
--If the reply is helpful, please Upvote and Accept as answer--