Get-ExplicitUserPermission
NAME Get-ExplicitUserPermission
SYNOPSIS
Find user ACE in ACLs
SYNTAX
Get-ExplicitUserPermission [-Path <String>] -Username <String[]> [-IncludeInherited] [-Recurse] [-Directory]
[-File] [-Userdomain <String>] [<CommonParameters>]
Get-ExplicitUserPermission [-Path <String>] -Username <String[]> [-IncludeInherited] [-SingleItem] [-Userdomain
<String>] [<CommonParameters>]
DESCRIPTION
This function helps you find entries in ACLs where permissions have been granted directly to a user instead of
to a group. Granting permissions to groups is generally considered best practice.
You can find ACEs that have been explicitly set, or include inherited ones as well. You can also limit the
results to files or to directories with the respective parameter.
Use this function to clean up your file structure.
PARAMETERS
-Path <String>
Supply a valid path, either local or UNC.
Required? false
Position? named
Default value $pwd
Accept pipeline input? false
Accept wildcard characters? false
-Username <String[]>
A comma-separated list of sAMAccountNames from your AD or local computer.
Required? true
Position? named
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters? false
-IncludeInherited [<SwitchParameter>]
This parameter will include inherited permissions as part of the function's output.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-Recurse [<SwitchParameter>]
Search recursively through the file tree relative to the -Path parameter. Cannot be used with -SingleItem.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-SingleItem [<SwitchParameter>]
Tells the function to get the ACL of the path specified. Cannot be used with -Recurse
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-Directory [<SwitchParameter>]
Return only objects of the type directory.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-File [<SwitchParameter>]
Return only objects of the type file.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-Userdomain <String>
The userdomain name of your domain. If your domain is corporate.local then your userdomain will probably be
corporate. Therefore the default value will be the userdomain of the user running the script.
Required? false
Position? named
Default value $env:USERDOMAIN
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
PSCustom Object
SamAccountName IsInherited Name               Path
-------------- ----------- ----               ----
robama         False       Robert Amartinesei C:\Users\Robama\Desktop
NOTES
Created by Robert Amartinesei
2017-01-20
Disclaimer: These scripts are provided in good faith and with no warranty as to their fitness of purpose. Use
this software at your own risk. The author accepts no liability for any losses or damages resulting from the
use thereof.
-------------------------- EXAMPLE 1 --------------------------
PS>Get-ExplicitUserPermission -username (get-aduser -filter *).samaccountname
Username       IsInherited Path
-------------- ----------- ----
ITM\Robama     False       C:\users\RObama\play2\xml.xml
This command checks every directory and file in the current path for a match in the domain. Since I am running
this as a member of the domain, I don't have to specify the parameter Userdomain.
-------------------------- EXAMPLE 2 --------------------------
PS>Get-ExplicitUserPermission -username "Robama"
Username       IsInherited Path
-------------- ----------- ----
ITM\Robama     False       C:\users\RObama\play2\xml.xml
Same as above but searching for a specific match.
-------------------------- EXAMPLE 3 --------------------------
PS>Get-ExplicitUserPermission -Username (get-aduser -filter *).samaccountname -Path .\folder1\ -SingleItem
Username   IsInherited Path
--------   ----------- ----
ITM\robama False       C:\users\RObama\folder1\
Gets explicit permission for every user in the domain on the specific path.
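The check described above can be reproduced with the built-in Get-Acl cmdlet. The following is an added example, not the source of Get-ExplicitUserPermission and not the author's code; the function name Find-UserAce, its parameters and the extra Rights/Type columns are hypothetical and chosen only for illustration.

```powershell
# Added illustration: read-only audit of ACEs granted directly to user accounts.
# Find-UserAce is a hypothetical name, not part of the documented function.
function Find-UserAce {
    [CmdletBinding()]
    param(
        [string]   $Path = $PWD.Path,
        [Parameter(Mandatory)]
        [string[]] $Username,
        [string]   $Userdomain = $env:USERDOMAIN,
        [switch]   $IncludeInherited,
        [switch]   $Recurse
    )

    # Build DOMAIN\user strings once; -notcontains compares case-insensitively.
    $wanted = @($Username | ForEach-Object { '{0}\{1}' -f $Userdomain, $_ })

    Get-ChildItem -LiteralPath $Path -Recurse:$Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $item = $_
            try {
                $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
            } catch {
                # An ACL the auditor cannot read is itself worth reviewing.
                Write-Warning "Cannot read ACL: $($item.FullName)"
                return   # skip to the next item in the pipeline
            }
            foreach ($ace in $acl.Access) {
                # IdentityReference.Value is DOMAIN\name, or a raw SID if unresolvable.
                if ($wanted -notcontains $ace.IdentityReference.Value) { continue }
                if ($ace.IsInherited -and -not $IncludeInherited)      { continue }
                [pscustomobject]@{
                    Username    = $ace.IdentityReference.Value
                    IsInherited = $ace.IsInherited
                    Rights      = $ace.FileSystemRights
                    Type        = $ace.AccessControlType
                    Path        = $item.FullName
                }
            }
        }
}

# Constructed usage: explicit ACEs for one account below .\folder1
Find-UserAce -Path .\folder1 -Username 'robama' -Recurse |
    Sort-Object Path | Format-Table -AutoSize
```

ACEs left behind by deleted accounts appear as unresolved SIDs rather than DOMAIN\name, so a name-based match like this one will not report them.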
RELATED LINKS