I'm trying to write a script that will connect to a remote computer and check for permissions on a specific folder looking for particular user groups.
After a lot of googling I came up with the following which requires NTFSSecurity module
Set-LocationC:\FF
$FF=dir-Recurse
if (Test-PathC:\acl.csv )
{
Remove-ItemC:\acl.csv
}
foreach($objectin$FF){
$object.FullName
$acl=Get-Ace$object.FullName
$acl|where {$_.Account -match"adm|own"} |
Select-Object @{n="object";e={ $object.FullName }},
@{n="security_principal";e={ $_.Account }},
@{n="type";e={ $_.AccessControlType }},
@{n="rights";e={ $_.AccessRights }} |Export-Csv'C:\acl.csv'-NoTypeInformation-Append
}
The above works fine locally. The trouble is if I wanted to use Invoke-Command I would need to have the NTFSSecurity module installed on each machine I'd link to by $servers=Get-Content"C:\servers.txt" Invoke-Command-ComputerName$server-ScriptBlock {... Is there a better way? Another problem I'm having is how to get all nested domain groups listed out of the local groups found by $_.Account -match"adm|own ? I know I can use $group = Get-CimInstance -ClassName Win32_Group -Filter "Name = 'Administrators'" Get-CimAssociatedInstance -InputObject $group -ResultClassName Win32_Group | select -ExpandProperty Caption This would give me my nested groups assuming I knew the name but I'd like it to be a variable taken out of previous block $.Account value but no idea how to pass that into Filter.