我有一个脚本可以获取我的服务器上所有网络共享文件夹的访问控制列表(除了管理员共享)。看起来它能工作,但输出结果给我的是一些数字而不是权限,我不明白这个数字意味着什么,更重要的是,我应该如何将它们翻译成常规权限(FC、RO等)。
$shares = Get-SmbShare | Where-Object Name -notlike "*$" | Select-Object Name
$Report = @()
foreach ($share in $shares){
$path = "\\$env:COMPUTERNAME\" + $share.Name.ToString()
$FolderPath = dir -Directory -Path $path -Recurse -Force
Foreach ($Folder in $FolderPath) {
$Acl = Get-Acl -Path $Folder.FullName
foreach ($Access in $acl.Access)
{
$Properties = [ordered]@{
'FolderName'=$Folder.FullName;
'ADGroup or User'=$Access.IdentityReference;
'Permissions'=$Access.FileSystemRights;
'Inherited'=$Access.IsInherited}
$Report += New-Object -TypeName PSObject -Property $Properties
}
}
}
$Report | Export-Csv -path "C:\temp\FolderPermissions.csv"
这是我得到的一些输出(略微修剪以保持简洁)
"FolderName","ADGroup or User","Permissions","Inherited"
"\\WIN-RPK9O6GR3JM\foobar\STE","NT AUTHORITY\SYSTEM","FullControl","True"
...
"\\WIN-RPK9O6GR3JM\foobar\STE","CREATOR OWNER","268435456","True"
"\\WIN-RPK9O6GR3JM\foobar\STE\LOG","BUILTIN\Users","CreateFiles","True"
"\\WIN-RPK9O6GR3JM\foobar\STE\LOG","CREATOR OWNER","268435456","True"
...
"\\WIN-RPK9O6GR3JM\foobar\STE\TMP","BUILTIN\Users","CreateFiles","True"
"\\WIN-RPK9O6GR3JM\foobar\STE\TMP","CREATOR OWNER","268435456","True"
...
"\\WIN-RPK9O6GR3JM\SYSVOL\foobar.net","NT AUTHORITY\Authenticated Users","-1610612736","True"
...
"\\WIN-RPK9O6GR3JM\SYSVOL\foobar.net","BUILTIN\Administrators","-536084480","True"
如果有人能够解释或指引我正确的方向,让我了解这些数值是什么以及如何翻译它们,我将不胜感激。
谢谢!