Auditing ACLs on a massive file server

Hey all,

So I am working on a script that has the following requirement.

  1. It cannot hold anything (or at least not very much) in memory. It has to audit the directory in question and then move on.

So here is a sanitized test version of the script. Right now I just want to see the output show up correctly within the shell. Eventually all of the Write-host cmdlets will be taken out except for “found a thing!” which will also e-mail me with a direct path to that folder.

$group1= Get-ADGroup -Filter {name -like "GROUP 1 -*"} $group2= Get-ADGroup -Filter {name -like "GROUP 2 -*"} $group3= Get-ADGroup -Filter {name -like "GROUP 3 -*"} $group4= Get-ADGroup -Filter {name -like "GROUP 4 -*"} $allGroups = $group1+$group2+$group3+$group4 Function AuditACL { foreach ($group in $allGroups) { Get-Acl | %{Write-Host "Looking at ACL for $($group.Name) on $($_.Path)"; if ($_.Access.IdentityReference -eq "WECARE$($group.Name)") { Write-Host "Found a folder with the security group $($group)"}} } } Get-ChildItem -Directory -Recurse -Path "C:Userstest.accountDesktop" | %{Write-Host "Checking $($_.Name)"; AuditACL } 

So here is what I get in the output, and I’m not sure why it’s doing this:

Looking at ACL for GROUP 1 on Microsoft.PowerShell.CoreFileSystem::C:Userstest.account Looking at ACL for GROUP 1 on Microsoft.PowerShell.CoreFileSystem::C:Userstest.account Looking at ACL for GROUP 1 on Microsoft.PowerShell.CoreFileSystem::C:Userstest.account Looking at ACL for GROUP 1 on Microsoft.PowerShell.CoreFileSystem::C:Userstest.account Looking at ACL for GROUP 1 on Microsoft.PowerShell.CoreFileSystem::C:Userstest.account Looking at ACL for GROUP 1 on Microsoft.PowerShell.CoreFileSystem::C:Userstest.account Looking at ACL for GROUP 1 on Microsoft.PowerShell.CoreFileSystem::C:Userstest.account Looking at ACL for GROUP 1 on Microsoft.PowerShell.CoreFileSystem::C:Userstest.account Looking at ACL for GROUP 1 on Microsoft.PowerShell.CoreFileSystem::C:Userstest.account Looking at ACL for GROUP 1 on Microsoft.PowerShell.CoreFileSystem::C:Userstest.account Looking at ACL for GROUP 1 on Microsoft.PowerShell.CoreFileSystem::C:Userstest.account Looking at ACL for GROUP 1 on Microsoft.PowerShell.CoreFileSystem::C:Userstest.account Looking at ACL for GROUP 1 on Microsoft.PowerShell.CoreFileSystem::C:Userstest.account Looking at ACL for GROUP 1 on Microsoft.PowerShell.CoreFileSystem::C:Userstest.account Looking at ACL for GROUP 1 on Microsoft.PowerShell.CoreFileSystem::C:Userstest.account 

I’m not sure why it’s showing up as “Microsoft.PowerShell.CoreFileSystem::” but would like to know where I’m going wrong, or if there’s a more efficient way to do this.

submitted by /u/Marquis77
[link] [comments]

Leave a Reply