This blog has moved to http://ThePowerShellGuy.com
Greetings /\/\o\/\/
While and after writing the PowerShell Export and Import shares scripts I got questions on how to do this for Directory Security in the NG thread that started me writing those 2 example scripts (Security and monad) ,
PowerShell Export Shares and Security info to CSV
PowerShell Import Shares and Security info From CSV
and I also got a comment from Pete Gomersall on the latter post, about doing this for Directories and recursing.
I already provided some info about win32_directory and the get-acl CDMlet in the Thread.
but I decided to write some example scripts for that also, but this Time I will not use WMI but the get-acl and set-acl commandlets.
Also I save the Security info in SDDL (Security Descriptor String Format) form to make the CSV file smaller, as Directories most of the time have much more and detailed ACL's as a Share does.
for more info about SDDL see : Security Descriptor String Format [Security] or do a Google Search on SDDL for more info.
(Note that SDDL does support "GA" GENERIC_ALL opposed to the .NET Enum see NG thread)
The provided scripts work like this :
MowPS>Export-DirTee c:\foobar
Dir SDDL
--- ----
c:\foobar O:S-1-5-2
MowPS>Export-DirTee c:\foobar -r
Dir SDDL
--- ----
c:\foobar O:S-1-5-2
C:\foobar\Bar O:S-1-5-2
C:\foobar\Foo O:S-1-5-2
MowPS>Export-DirTee c:\foobar -r | fl
Dir : c:\foobar
SDDL : O:S-1-5-21-
Dir : C:\foobar\Bar
SDDL : O:S-1-5-21-
MowPS>Export-DirTee c:\foobar -r dirSec.csv
Exporting to dirSec.csv
MowPS>rd c:\fooBar
Confirm
The item at C:\fooBar has children and the -recurse parameter was not specified. If you continue,
all children will be removed with the item. Are you sure you want to continue?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): a
# all Directories are gone now :
MowPS>Export-DirTee c:\foobar -r
Path "c:\foobar" Not Found
# Let re-Import Them :
MowPS>Import-dirTree dirSec.csv
Creating c:\foobar
Setting Security on : c:\foobar
Creating C:\foobar\Bar
Setting Security on : C:\foobar\Bar
Creating C:\foobar\Foo
Setting Security on : C:\foobar\Foo
# and Yes the Security is back also :
MowPS>Export-DirTee c:\foobar
Dir SDDL
--- ----
c:\foobar O:S-1-5-21-
MowPS>Export-DirTee c:\foobar -rec
Dir SDDL
--- ----
c:\foobar O:S-1-5-21-
C:\foobar\Bar O:S-1-5-21-
C:\foobar\Foo O:S-1-5-21-
Note that this will not keep any files and does not touch the security on them, the Import script will just create the Directories if they do not exist and set the security on them, any existing files will not be touched, and will keep the current security.
and here the scripts :
# export-dirTree
#
# this Function will Export a directory Tree
# complete with securityInfo to CSV
#
# /\/\o\/\/ 2006
# http://mow001.blogspot.com
Function Export-DirTree ($path,[switch]$recurse,$Outfile) {
if (Test-Path($path)) {
$DirInfo = @()
$DirInfo += $path | select @{e={$_};n='Dir'},
@{e={(get-acl $_).sddl};n='SDDL'}
if ($recurse.IsPresent) {
ls $path |? {$_.PsIsContainer} |% {
$DirInfo += $_ | select @{e={$_.fullname};n='Dir'},
@{e={(get-acl $_.fullname).sddl};n='SDDL'}
}
}
if ($outFile){
write-host "Exporting to $outFile"
$DirInfo | export-csv $outFile
}Else{
$DirInfo
}
}Else{
write-host "Path `"$path`" Not Found"
}
}
# Import-DirTree
#
# This Function will Import the directories from a CSV file
# made by Export-DirTree function complete with securityInfo
#
# /\/\o\/\/ 2006
# http://mow001.blogspot.com
Function Import-DirTree ($file) {
$DirList = Import-Csv $file
$DirList |% {
Write-Host "Creating $($_.dir)"
New-Item -type directory -path $_.dir | out-null
Write-Host "Setting Security on : $($_.dir)"
$acl = (get-acl $_.dir)
$acl.SetSecurityDescriptorSddlForm($_.sddl)
set-acl $_.dir $acl
Write-Host ""
}
}
For more info about the PowerShell ACL handling :
My Blog :
Adding a Simple AccesRule to a file ACL in MSH
More ACL and MSH on MSH for Fun
PowerShell for Fun blog :
http://mshforfun.blogspot.com/2005/12/play-with-acl-in-msh.html
MSH For Fun: Play with ACL in MSH (continued)
PowerShell For Fun: Combination Rights, Inheritance and ...
And this exelent article about the .NET 2.0 Security Classes
http://www.grimes.demon.co.uk/workshops/secWSNine.htm
Enjoy,
Greetings /\/\o\/\/
Tags : Monad msh PowerShell