/\/\o\/\/ PowerShelled

This blog has moved to http://ThePowerShellGuy.com Greetings /\/\o\/\/
$AtomFeed = ("Atom.xml")
$PreviousItems = (" PowerShell How Can I Query a Text File and Retriev... "," PowerShell Import Shares and Security info From CSV "," An other PowerShell Blog is born "," Windows PowerShell: TFM "," PowerShell Export Shares and Security info to CSV "," powershell (Monad) Home on computerperformance.co.uk "," PowerShell in Action "," PowerShell out-PropertyGrid (MSH view-Object) "," PowerShell AD site Finder "," PowerShell and SMS 2003 "," ")

Monday, May 08, 2006

 

PowerShell Import and Export a DirectoryTree and Security info

While and after writing the PowerShell Export and Import shares scripts I got questions on how to do this for Directory Security in the NG thread that started me writing those 2 example scripts (Security and monad) ,

PowerShell Export Shares and Security info to CSV

PowerShell Import Shares and Security info From CSV

and I also got a comment from Pete Gomersall on the latter post, about doing this for Directories and recursing.

I already provided some info about win32_directory and the get-acl CDMlet in the Thread.

but I decided to write some example scripts for that also, but this Time I will not use WMI but the get-acl and set-acl commandlets.

Also I save the Security info in SDDL (Security Descriptor String Format) form to make the CSV file smaller, as Directories most of the time have much more and detailed ACL's as a Share does.

for more info about SDDL see : Security Descriptor String Format [Security] or do a Google Search on SDDL for more info.

(Note that SDDL does support "GA" GENERIC_ALL opposed to the .NET Enum see NG thread)



The provided scripts work like this :

MowPS>Export-DirTee c:\foobar

Dir                                               SDDL
---                                               ----
c:\foobar                                         O:S-1-5-2


MowPS>Export-DirTee c:\foobar -r

Dir                                               SDDL
---                                               ----
c:\foobar                                         O:S-1-5-2
C:\foobar\Bar                                     O:S-1-5-2
C:\foobar\Foo                                     O:S-1-5-2


MowPS>Export-DirTee c:\foobar -r | fl


Dir  : c:\foobar
SDDL : O:S-1-5-21-

Dir  : C:\foobar\Bar
SDDL : O:S-1-5-21-

MowPS>Export-DirTee c:\foobar -r dirSec.csv

Exporting to dirSec.csv

MowPS>rd c:\fooBar

Confirm

The item at C:\fooBar has children and the -recurse parameter was not specified. If you continue,
all children will be removed with the item. Are you sure you want to continue?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): a

# all Directories are gone now :

MowPS>Export-DirTee c:\foobar -r

Path "c:\foobar" Not Found

# Let re-Import Them :

MowPS>Import-dirTree dirSec.csv
Creating c:\foobar
Setting Security on : c:\foobar

Creating C:\foobar\Bar
Setting Security on : C:\foobar\Bar

Creating C:\foobar\Foo
Setting Security on : C:\foobar\Foo

# and Yes the Security is back also :

MowPS>Export-DirTee c:\foobar

Dir                                               SDDL
---                                               ----
c:\foobar                                         O:S-1-5-21-


MowPS>Export-DirTee c:\foobar -rec

Dir                                               SDDL
---                                               ----
c:\foobar                                         O:S-1-5-21-
C:\foobar\Bar                                     O:S-1-5-21-
C:\foobar\Foo                                     O:S-1-5-21-


Note that this will not keep any files and does not touch the security on them, the Import script will just create the Directories if they do not exist and set the security on them, any existing files will not be touched, and will keep the current security.

and here the scripts :


# export-dirTree
#
# this Function will Export a directory Tree    
# complete with securityInfo to CSV  
#   
# /\/\o\/\/ 2006      
# http://mow001.blogspot.com 
 
Function Export-DirTree ($path,[switch]$recurse,$Outfile) {
  if (Test-Path($path)) {
    $DirInfo = @() 
    $DirInfo += $path | select @{e={$_};n='Dir'},
                               @{e={(get-acl $_).sddl};n='SDDL'}
    if ($recurse.IsPresent) {
      ls $path |? {$_.PsIsContainer} |% {
         $DirInfo += $_ | select @{e={$_.fullname};n='Dir'},
                                    @{e={(get-acl $_.fullname).sddl};n='SDDL'}
      }
    }

    if ($outFile){
      write-host "Exporting to $outFile"
      $DirInfo | export-csv $outFile
    }Else{
      $DirInfo
    }

  }Else{
    write-host "Path `"$path`" Not Found"
  }

}

# Import-DirTree

# This Function will Import the directories from a CSV file   
# made by Export-DirTree function complete with securityInfo  
#   
# /\/\o\/\/ 2006      
# http://mow001.blogspot.com 

Function Import-DirTree ($file) {
  $DirList = Import-Csv $file
  $DirList |% {
    Write-Host "Creating $($_.dir)"
    New-Item -type directory -path $_.dir | out-null
    Write-Host "Setting Security on : $($_.dir)"
    $acl = (get-acl $_.dir)
    $acl.SetSecurityDescriptorSddlForm($_.sddl)
    set-acl $_.dir $acl
    Write-Host ""
  }
}




For more info about the PowerShell ACL handling :

My Blog :

Adding a Simple AccesRule to a file ACL in MSH

More ACL and MSH on MSH for Fun

PowerShell for Fun blog :

http://mshforfun.blogspot.com/2005/12/play-with-acl-in-msh.html

MSH For Fun: Play with ACL in MSH (continued)

PowerShell For Fun: Combination Rights, Inheritance and ...

And this exelent article about the .NET 2.0 Security Classes

http://www.grimes.demon.co.uk/workshops/secWSNine.htm

Enjoy,

Greetings /\/\o\/\/

Tags :



posted by /\/\o\/\/
Comments:
Anonymous Anonymous
MOW thanks for all this work, especially on access permission.
I just tested this script on a folder tree that is really deep; it only recurses 1 level deep.
Some typos in your examples Export-DirTee. - not an issue.
What was your rational for changing the method from the share export method?
I know it provided lengthy output but it was far more useable. If you need to change sid info the csv would be easy to edit. Why - say servers were in different workgroups or domains. You could modify the sid in the csv and then import. Can you see the extra usefulness?
Good coding - I'm learning!
Pete Gomersall
# posted by Anonymous Anonymous : 10:42 PM
 
Blogger /\/\o\/\/
Hi Pete,

glad you could use the example.

it only recurses 1 level deep.

Oops I forgot to add -recurse parameter of LS.

What was your rational for changing the method from the share export method?

not using WMI was more easy to recurse the directory (if you not forget the -recurse ;-)

and I did the SDDL as I did not do that before, and as I did tell space and you can create SDDL files from other sources,
but feel free to use the normal output ;-).

glad I could help

Greetings /\/\o\/\/
# posted by Blogger /\/\o\/\/ : 10:52 PM
 
Blogger /\/\o\/\/
PS about the typo's I can not fix them without losing my pipeline signs and messing up the layout,
# posted by Blogger /\/\o\/\/ : 10:53 PM
 
Post a Comment



<< Home

Archives

October 2005   November 2005   December 2005   January 2006   February 2006   March 2006   April 2006   May 2006   June 2006   July 2006   August 2006   September 2006   October 2006   November 2006   December 2006  

Links

$Links = ("PowerShell RC1 Docs"," PowerShell RC1 X86"," PowerShell RC1 X64"," Monad GettingStarted guide"," Monad Progamming Guide"," Monad SDK"," Monad videos on Channel 9"," MSH Community Workspace"," scripts.readify.net "," MonadSource"," www.reskit.net"," PowerShell Blog"," Under The Stairs"," computerperformance powershell Home"," proudlyserving"," MSH on wikipedia"," MSHWiki Channel 9"," Keith Hill's Blog"," Precision Computing"," PowerShell for fun"," MSH Memo (Japanese)"," monadblog")

find-blog -about "PowerShell","Monad" | out-Technorati.
find-blog -contains "","" | out-Technorati.
Google
 
Web mow001.blogspot.com

This page is powered by Blogger. Isn't yours?