[решено] \\?\ для сетевой шары

Elven · Отправлено: **20:07, 31-01-2018** | #3

Казбек, это тогда весь скрипт выкладывать/смотреть.

скрипт

Код:

clear
####################
			#pobieranie uprawnien
			function get-perm($permission)
			{
			$acl.Access.GetEnumerator() | where {$_.IdentityReference -like "do*"} | % {	
				$user = $_.IdentityReference
				$perm = $_.FileSystemRights

					if ($perm -like $permission)
					{ 
						#$p += echo $user.ToString()
						

						if ($_.IsInherited -eq $true ) 
							{$p += echo "<font color="blue">$user</font>"}
						else
							{$p += echo $user.ToString()}
						if ($_.AccessControlType -like 'Deny' ) 
							{$p += echo "<font color="red">(-)</font>"}									
												
						$p += echo "; "
						
					}
				}
			
			
				
				switch($permission) 
				{
				"*FullControl*"  { if ($p -ne $null) {echo "<tr align="left"><td width="10%">FullAccess:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*Modify*"  { if ($p -ne $null) {echo "<tr align="left"><td width="10%">Modify:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*Read*"  { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ReadOnly:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*Delete*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">Delete:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*AppendData*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">AppendData:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*ChangePermissions*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ChangePermissions:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*CreateDirectories*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">CreateDirectories:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*CreateFiles*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">CreateFiles:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*DeleteSubdirectoriesAndFiles*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">DeleteSubdirectoriesAndFiles:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*ExecuteFile*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ExecuteFile:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*ListDirectory*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ListDirectory:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*ReadAndExecute*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ReadAndExecute:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*ReadAttributes*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ReadAttributes:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*ReadData*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ReadData:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*ReadExtendedAttributes*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ReadExtendedAttributes:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*ReadPermissions*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ReadPermissions:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*TakeOwnership*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">TakeOwnership:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*Synchronize*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">Synchronize:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*Traverse*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">Traverse:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*Write*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">Write:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*WriteAttributes*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">WriteAttributes:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*WriteData*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">WriteData:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*WriteExtendedAttributes*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">WriteExtendedAttributes:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				}
			}	

##################

$start = Get-Date
$report = 'D:\temp\report.html'
Remove-Item $report -ErrorAction SilentlyContinue
$sciezka2 = "\\fs\logs"	
$sciezka = Read-Host "podaj ścieźkę: "
$OnlyFolder = Read-Host "Skanować tylko foldery? (T/N) "

if($sciezka -eq $null)
	{
		if($OnlyFolder -eq "T" )
		{
		$dirs = Get-ChildItem $sciezka2  -Recurse -Exclude '*.lnk' | Where-Object { $_.PSIsContainer } 
		}
		if($OnlyFolder -eq "N" )
		{$dirs = Get-ChildItem $sciezka2  -Recurse -Exclude '*.lnk' }
	}
	else 
	{
		if($OnlyFolder -eq "T" )
		{
		$dirs = Get-ChildItem $sciezka -Recurse -Exclude '*.lnk' | Where-Object { $_.PSIsContainer } 
		$sciezka2 =$sciezka
		}
		if($OnlyFolder -eq "N" )
		{
		$dirs = Get-ChildItem $sciezka -Recurse -Exclude '*.lnk' 
		$sciezka2 =$sciezka
		}
	}


echo "<head><title>Raport - Audyt uprawnień</title></head>" | Out-File $report -Append
echo "<h1 align='center'>Raport - Audyt uprawnień </h1>" | Out-File $report -Append
echo "<br>Data wygenerowania: $(get-date -DisplayHint DateTime -Format F)" | Out-File $report -Append
echo "<table border="1">" | Out-File $report -Append

$j = $dirs.Count
$i=0


######
#katalog ROOT
######

$FullAccess = $null
$ReadOnly = $null
$Modify = $null
$Delete = $null
$groupmembers =$null

#budowanie tabeli w HTML
echo 	"<tr> <th BGCOLOR='rgb(240,240,240)' colspan="2">"  | Out-File $report -Append
echo 	$sciezka2  | Out-File $report -Append
echo 	"</th> </tr>"  | Out-File $report -Append


$acl = Get-Acl $sciezka2
$Owner = $acl.Owner

echo "<tr align="left"><td width="10%">Owner:</td><td width="90%">$Owner</td></tr>" | out-file $report -append

get-perm('*FullControl*')
get-perm('*Modify*')			
get-perm('*Read*')	
get-perm('*Delete*')			
get-perm("*AppendData*" )
get-perm("*ChangePermissions*" )
get-perm("*CreateDirectories*" )
get-perm("*CreateFiles*" )
get-perm("*DeleteSubdirectoriesAndFiles*" )
get-perm("*ExecuteFile*" )
get-perm("*ListDirectory*" )
get-perm("*ReadAndExecute*" )
get-perm("*ReadAttributes*" )
get-perm("*ReadData*" )
get-perm("*ReadExtendedAttributes*")
get-perm("*ReadPermissions*" )
get-perm("*TakeOwnership*" )
#get-perm("*Synchronize*" )
get-perm("*Traverse*" )
get-perm("*Write*" )
get-perm("*WriteAttributes*" )
get-perm("*WriteData*" )
get-perm("*WriteExtendedAttributes*" )


######

#Podkatalogi
foreach ( $dir in $dirs)
{
	if($dir -notlike '*~$*')
		{	
	    $i+=1
	    $perc = $i/$j*100
		$perc = ([Math]::Round($perc))
		write-progress "Zapierdzielam..." "Zakończono: $perc %" -perc $perc


		foreach ($acls in $acl)
		{
			$FullAccess = $null
			$ReadOnly = $null
			$Modify = $null
			$Delete = $null
			$groupmembers =$null

			#budowanie tabeli w HTML
			echo 	"<tr> <th BGCOLOR='rgb(240,240,240)' colspan="2">"  | Out-File $report -Append
			echo 	$dir.fullname  | Out-File $report -Append
			echo 	"</th> </tr>"  | Out-File $report -Append
			
			
			$acl = Get-Acl $dir.fullname
			$Owner = $acl.Owner
	
			echo "<tr align="left"><td width="10%">Owner:</td><td width="90%">$Owner</td></tr>" | out-file $report -append
			<#
			#pobieranie uprawnien
			function get-perm($permission)
			{
			$acl.Access.GetEnumerator() | where {$_.IdentityReference -like "GH*"} | % {	
				$user = $_.IdentityReference
				$perm = $_.FileSystemRights

					if ($perm -like $permission)
					{ 
						#$p += echo $user.ToString()
						

						if ($_.IsInherited -eq $true ) 
							{$p += echo "<font color="blue">$user</font>"}
						else
							{$p += echo $user.ToString()}
						if ($_.AccessControlType -like 'Deny' ) 
							{$p += echo "<font color="red">(-)</font>"}									
												
						$p += echo "; "
						
					}
				}
			
			
				
				switch($permission) 
				{
				"*FullControl*"  { if ($p -ne $null) {echo "<tr align="left"><td width="10%">FullAccess:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*Modify*"  { if ($p -ne $null) {echo "<tr align="left"><td width="10%">Modify:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*Read*"  { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ReadOnly:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*Delete*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">Delete:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*AppendData*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">AppendData:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*ChangePermissions*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ChangePermissions:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*CreateDirectories*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">CreateDirectories:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*CreateFiles*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">CreateFiles:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*DeleteSubdirectoriesAndFiles*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">DeleteSubdirectoriesAndFiles:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*ExecuteFile*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ExecuteFile:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*ListDirectory*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ListDirectory:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*ReadAndExecute*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ReadAndExecute:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*ReadAttributes*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ReadAttributes:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*ReadData*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ReadData:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*ReadExtendedAttributes*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ReadExtendedAttributes:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*ReadPermissions*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ReadPermissions:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*TakeOwnership*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">TakeOwnership:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*Synchronize*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">Synchronize:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*Traverse*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">Traverse:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*Write*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">Write:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*WriteAttributes*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">WriteAttributes:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*WriteData*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">WriteData:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				"*WriteExtendedAttributes*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">WriteExtendedAttributes:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
				}
			}	
			#>
		}
			
			#dadac pozostrałe
			get-perm('*FullControl*')
			get-perm('*Modify*')			
			get-perm('*Read*')	
			get-perm('*Delete*')			
			get-perm("*AppendData*" )
			get-perm("*ChangePermissions*" )
			get-perm("*CreateDirectories*" )
			get-perm("*CreateFiles*" )
			get-perm("*DeleteSubdirectoriesAndFiles*" )
			get-perm("*ExecuteFile*" )
			get-perm("*ListDirectory*" )
			get-perm("*ReadAndExecute*" )
			get-perm("*ReadAttributes*" )
			get-perm("*ReadData*" )
			get-perm("*ReadExtendedAttributes*")
			get-perm("*ReadPermissions*" )
			get-perm("*TakeOwnership*" )
		#	get-perm("*Synchronize*" )
			get-perm("*Traverse*" )
			get-perm("*Write*" )
			get-perm("*WriteAttributes*" )
			get-perm("*WriteData*" )
			get-perm("*WriteExtendedAttributes*" )
			}
}

echo  "</table>" | Out-File $report -Append

$end = Get-Date
$genTime = $end - $start

echo "Czas generowania: $genTime" | Out-File $report -Append


# Tworzenie Legendy




echo "<br><br><br><table border="1">" | Out-File $report -Append
echo "<tr> <th BGCOLOR='rgb(240,240,240)' colspan="2">"  | Out-File $report -Append
echo "Legenda </th> </tr>"  | Out-File $report -Append
echo "<tr align="left"><td >DOMAIN\User</td><td>uprawnienia przyznane (Allow)</td></tr>" | out-file $report -append
echo "<tr align="left"><td ><font color="blue">DOMAIN\User</font></td><td>uprawnienia dziedziczone</td></tr>" | out-file $report -append
echo "<tr ><td align="center" ><font color="red">(-)</font></td><td align="left">Brak uprawnień (Deny)</td></tr>" | out-file $report -append
echo "</table>" | Out-File $report -Append


ii $report

спотык

Н

Код:

евозможно вызвать метод для выражения со значением NULL.
D:\bat\ps1\audit.ps1:6 знак:4
+             $acl.Access.GetEnumerator() | where {$_.IdentityReference ...
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull