How to get owner and group name with only path for dish folder

BartekB93 1 Reputation point
2022-10-22T11:33:20.96+00:00

I wonder if it is possible to get the name of the security group that is associated with a given path in network folders, e.g. N: \ DLSI \ Exmaple. Additionally, am I able to obtain the owner of this particular security group?

Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,429 questions
0 comments No comments
{count} votes

4 answers

Sort by: Most helpful
  1. MotoX80 32,441 Reputation points
    2022-10-22T12:33:15.56+00:00

    Use get-acl to display the owner and the NTFS permissions that have been applied.

    (get-acl "C:\Temp\").owner  
    (get-acl "C:\Temp\").access  
    
    0 comments No comments

  2. BartekB93 1 Reputation point
    2022-10-24T06:41:00.907+00:00

    This is working but takes data from NTFS premmision, i try to find out the name of the security group at Active directory.

    0 comments No comments

  3. MotoX80 32,441 Reputation points
    2022-10-24T13:42:46.107+00:00

    Well you still need to look at the NTFS permissions to get the name of the AD group. I assume that you are looking for the ManagedBy property. I do not have access to an AD environment to test with, so you will need adjust the Get-ADGroup cmdlet to fit your environment.

    (get-acl "N:\DLSI" ).access | foreach {  
        "Testing {0}" -f $_.identityreference  
        $id = $_.identityreference.tostring().split("\")                # expecting BUILTIN\Administrators or domain\group   
        if ($id.count -ne 2) {  
            "This can't be a domain group."  
            return  
        }  
        if ($id[0] -match "BUILTIN|NT AUTHORITY|NT SERVICE") {               # look for local identity  
            "Skipping local identity."  
            return  
        }   
        "This looks like a domain entry."  
        "Domain name is {0]" -f $id[0]  
        "This could be a group or user: {0}" -f $id[1]  
        $group = Get-ADGroup -identity $id[1] -properties *      # See https://lazyadmin.nl/powershell/get-adgroup/  
        if ($group) {  
            "We have an object."  
            "It's managedby property is {0}" -f $group.managedby  
        } else {  
            "We didn't find a group."  
        }  
    }  
      
    
    0 comments No comments

  4. Limitless Technology 44,046 Reputation points
    2022-10-25T14:44:41.373+00:00

    Hello,

    The basic way to determine this is to scan all your folders and shares, get the permissions for each, then filter those perms for the Security groups of interest.
    In a small data environment, this isn't too bad.
    In a large data environment, it's much more complex and probably needs a lot of planning.

    Let's say your main datastore is \server\share1.

    in Powershell run:

    $folders = gci -path \server\share1 -force -recurse -directory |select -exp FullName
    foreach ($folder in $folders) {
    $rights = (Get-ACL $folder).Access|where {$_.IdentityReference -eq "$MyGroup"}

    Do something with this data.

    }

    $rights will have their info if they're accessed to the folder.
    You have more work if there are multiple groups of interest; if you're lucky, they'll be named similarly and you can use a "-like" filter with wildcards.

    ---------------------------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept as answer--