2020 | Scott W. Head  |  Sr. Systems Admin | Certified Microsoft Windows Server Administrator

PowerShell NTFS Rights Verify

    #|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
    #|||||||||||||||||||Tab Delimited Results ||||||||||||||||Check if ACL is Correct ||||||||||||||||||||||
    #|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||  

    $CheckRightsonPathArray=@()
    $CheckRightsonPathArray+="C:\","C:\Windows\system32","C:\Windows\","C:\Temp","D:\SomeNotFound"

    # Declare Array
    $FileSystemArray=@()

    Foreach($CheckRightsonPath in $CheckRightsonPathArray){

    # Test if path exists 
    $TestFileSystemExists=test-path $CheckRightsonPath    
    # Conditional
    If($TestFileSystemExists){

    
   
# Get Acceess List Assign to Var
    $MyFileSystemACL= (Get-ACL "$CheckRightsonPath").Access        

# Iterate Through all Properties in ACL 
switch ($MyFileSystemACL)
    {   
       
# BUILTIN\Administrators
        { $_.IdentityReference -eq "BUILTIN\Administrators" -and $_.AccessControlType -eq "Allow" -and $($_.FileSystemRights -eq "FullControl" -or [string]$_.FileSystemRights -eq "268435456")}
        { $FileSystemArray += "$Env:ComputerName`tBUILTIN\Administrators Allow FullControl`t$CheckRightsonPath`tPassed" }


        # NT SERVICE\TrustedInstaller
        { $_.IdentityReference -eq "NT SERVICE\TrustedInstaller" -and $_.AccessControlType -eq "Allow" -and $($_.FileSystemRights -eq "FullControl" -or [string]$_.FileSystemRights -eq "268435456")}
        { $FileSystemArray += "$Env:ComputerName`tCREATOR OWNER Allow $($_.FileSystemRights)`t$CheckRightsonPath`tPassed" }

        
       
# NT AUTHORITY\SYSTEM      
        { $_.IdentityReference -eq "NT AUTHORITY\SYSTEM" -and $_.AccessControlType -eq "Allow" -and $($_.FileSystemRights -eq "FullControl" -or [string]$_.FileSystemRights -eq "268435456") }
        { $FileSystemArray += "$Env:ComputerName`tNT AUTHORITY\SYSTEM Allow FullControl`t$CheckRightsonPath`tPassed" }                            
    
                                
        default
        { $FileSystemArray += ($Env:ComputerName + "`t" + $_.IdentityReference.ToString() + " "  + $_.AccessControlType.ToString() + " " + $_.FileSystemRights.ToString() + "`t$CheckRightsonPath`tFailed") }
        
    }        
    }Else{
        $FileSystemArray+="$Env:ComputerName`tData path Not Found`t$CheckRightsonPath" 
    } 

  }


  $FileSystemArray | Out-file C:\temp\MyFIleRights.csv