\\?\ для сетевой шары
Есть скрипт на ПоШе для проверки прав на некоторых папках. Т.к. встречаются папки с чертовски длинными путями (больше 260 символов) пришлось использовать префикс \\?\ как рекомендовано вот здесь. Для локальной папки (например \\?\d:\temp\) все отрабатывает идеально, а вот на сетевой спотыкается. Или я не правильно указываю путь (указывал так: \\?\server\shares\). Что я делаю не так? |
Цитата:
Цитата Elven
а вот на сетевой спотыкается »
|
Покажите вывод, когда спотыкается. |
Казбек, это тогда весь скрипт выкладывать/смотреть.
скрипт
Код:
clear
####################
#pobieranie uprawnien
function get-perm($permission)
{
$acl.Access.GetEnumerator() | where {$_.IdentityReference -like "do*"} | % {
$user = $_.IdentityReference
$perm = $_.FileSystemRights
if ($perm -like $permission)
{
#$p += echo $user.ToString()
if ($_.IsInherited -eq $true )
{$p += echo "<font color="blue">$user</font>"}
else
{$p += echo $user.ToString()}
if ($_.AccessControlType -like 'Deny' )
{$p += echo "<font color="red">(-)</font>"}
$p += echo "; "
}
}
switch($permission)
{
"*FullControl*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">FullAccess:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*Modify*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">Modify:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*Read*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ReadOnly:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*Delete*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">Delete:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*AppendData*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">AppendData:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*ChangePermissions*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ChangePermissions:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*CreateDirectories*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">CreateDirectories:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*CreateFiles*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">CreateFiles:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*DeleteSubdirectoriesAndFiles*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">DeleteSubdirectoriesAndFiles:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*ExecuteFile*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ExecuteFile:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*ListDirectory*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ListDirectory:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*ReadAndExecute*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ReadAndExecute:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*ReadAttributes*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ReadAttributes:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*ReadData*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ReadData:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*ReadExtendedAttributes*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ReadExtendedAttributes:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*ReadPermissions*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ReadPermissions:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*TakeOwnership*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">TakeOwnership:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*Synchronize*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">Synchronize:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*Traverse*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">Traverse:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*Write*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">Write:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*WriteAttributes*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">WriteAttributes:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*WriteData*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">WriteData:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*WriteExtendedAttributes*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">WriteExtendedAttributes:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
}
}
##################
$start = Get-Date
$report = 'D:\temp\report.html'
Remove-Item $report -ErrorAction SilentlyContinue
$sciezka2 = "\\fs\logs"
$sciezka = Read-Host "podaj ścieźkę: "
$OnlyFolder = Read-Host "Skanować tylko foldery? (T/N) "
if($sciezka -eq $null)
{
if($OnlyFolder -eq "T" )
{
$dirs = Get-ChildItem $sciezka2 -Recurse -Exclude '*.lnk' | Where-Object { $_.PSIsContainer }
}
if($OnlyFolder -eq "N" )
{$dirs = Get-ChildItem $sciezka2 -Recurse -Exclude '*.lnk' }
}
else
{
if($OnlyFolder -eq "T" )
{
$dirs = Get-ChildItem $sciezka -Recurse -Exclude '*.lnk' | Where-Object { $_.PSIsContainer }
$sciezka2 =$sciezka
}
if($OnlyFolder -eq "N" )
{
$dirs = Get-ChildItem $sciezka -Recurse -Exclude '*.lnk'
$sciezka2 =$sciezka
}
}
echo "<head><title>Raport - Audyt uprawnień</title></head>" | Out-File $report -Append
echo "<h1 align='center'>Raport - Audyt uprawnień </h1>" | Out-File $report -Append
echo "<br>Data wygenerowania: $(get-date -DisplayHint DateTime -Format F)" | Out-File $report -Append
echo "<table border="1">" | Out-File $report -Append
$j = $dirs.Count
$i=0
######
#katalog ROOT
######
$FullAccess = $null
$ReadOnly = $null
$Modify = $null
$Delete = $null
$groupmembers =$null
#budowanie tabeli w HTML
echo "<tr> <th BGCOLOR='rgb(240,240,240)' colspan="2">" | Out-File $report -Append
echo $sciezka2 | Out-File $report -Append
echo "</th> </tr>" | Out-File $report -Append
$acl = Get-Acl $sciezka2
$Owner = $acl.Owner
echo "<tr align="left"><td width="10%">Owner:</td><td width="90%">$Owner</td></tr>" | out-file $report -append
get-perm('*FullControl*')
get-perm('*Modify*')
get-perm('*Read*')
get-perm('*Delete*')
get-perm("*AppendData*" )
get-perm("*ChangePermissions*" )
get-perm("*CreateDirectories*" )
get-perm("*CreateFiles*" )
get-perm("*DeleteSubdirectoriesAndFiles*" )
get-perm("*ExecuteFile*" )
get-perm("*ListDirectory*" )
get-perm("*ReadAndExecute*" )
get-perm("*ReadAttributes*" )
get-perm("*ReadData*" )
get-perm("*ReadExtendedAttributes*")
get-perm("*ReadPermissions*" )
get-perm("*TakeOwnership*" )
#get-perm("*Synchronize*" )
get-perm("*Traverse*" )
get-perm("*Write*" )
get-perm("*WriteAttributes*" )
get-perm("*WriteData*" )
get-perm("*WriteExtendedAttributes*" )
######
#Podkatalogi
foreach ( $dir in $dirs)
{
if($dir -notlike '*~$*')
{
$i+=1
$perc = $i/$j*100
$perc = ([Math]::Round($perc))
write-progress "Zapierdzielam..." "Zakończono: $perc %" -perc $perc
foreach ($acls in $acl)
{
$FullAccess = $null
$ReadOnly = $null
$Modify = $null
$Delete = $null
$groupmembers =$null
#budowanie tabeli w HTML
echo "<tr> <th BGCOLOR='rgb(240,240,240)' colspan="2">" | Out-File $report -Append
echo $dir.fullname | Out-File $report -Append
echo "</th> </tr>" | Out-File $report -Append
$acl = Get-Acl $dir.fullname
$Owner = $acl.Owner
echo "<tr align="left"><td width="10%">Owner:</td><td width="90%">$Owner</td></tr>" | out-file $report -append
<#
#pobieranie uprawnien
function get-perm($permission)
{
$acl.Access.GetEnumerator() | where {$_.IdentityReference -like "GH*"} | % {
$user = $_.IdentityReference
$perm = $_.FileSystemRights
if ($perm -like $permission)
{
#$p += echo $user.ToString()
if ($_.IsInherited -eq $true )
{$p += echo "<font color="blue">$user</font>"}
else
{$p += echo $user.ToString()}
if ($_.AccessControlType -like 'Deny' )
{$p += echo "<font color="red">(-)</font>"}
$p += echo "; "
}
}
switch($permission)
{
"*FullControl*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">FullAccess:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*Modify*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">Modify:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*Read*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ReadOnly:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*Delete*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">Delete:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*AppendData*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">AppendData:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*ChangePermissions*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ChangePermissions:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*CreateDirectories*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">CreateDirectories:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*CreateFiles*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">CreateFiles:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*DeleteSubdirectoriesAndFiles*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">DeleteSubdirectoriesAndFiles:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*ExecuteFile*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ExecuteFile:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*ListDirectory*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ListDirectory:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*ReadAndExecute*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ReadAndExecute:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*ReadAttributes*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ReadAttributes:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*ReadData*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ReadData:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*ReadExtendedAttributes*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ReadExtendedAttributes:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*ReadPermissions*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">ReadPermissions:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*TakeOwnership*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">TakeOwnership:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*Synchronize*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">Synchronize:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*Traverse*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">Traverse:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*Write*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">Write:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*WriteAttributes*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">WriteAttributes:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*WriteData*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">WriteData:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
"*WriteExtendedAttributes*" { if ($p -ne $null) {echo "<tr align="left"><td width="10%">WriteExtendedAttributes:</td><td width="90%">$p</td></tr>" | out-file $report -append}}
}
}
#>
}
#dadac pozostrałe
get-perm('*FullControl*')
get-perm('*Modify*')
get-perm('*Read*')
get-perm('*Delete*')
get-perm("*AppendData*" )
get-perm("*ChangePermissions*" )
get-perm("*CreateDirectories*" )
get-perm("*CreateFiles*" )
get-perm("*DeleteSubdirectoriesAndFiles*" )
get-perm("*ExecuteFile*" )
get-perm("*ListDirectory*" )
get-perm("*ReadAndExecute*" )
get-perm("*ReadAttributes*" )
get-perm("*ReadData*" )
get-perm("*ReadExtendedAttributes*")
get-perm("*ReadPermissions*" )
get-perm("*TakeOwnership*" )
# get-perm("*Synchronize*" )
get-perm("*Traverse*" )
get-perm("*Write*" )
get-perm("*WriteAttributes*" )
get-perm("*WriteData*" )
get-perm("*WriteExtendedAttributes*" )
}
}
echo "</table>" | Out-File $report -Append
$end = Get-Date
$genTime = $end - $start
echo "Czas generowania: $genTime" | Out-File $report -Append
# Tworzenie Legendy
echo "<br><br><br><table border="1">" | Out-File $report -Append
echo "<tr> <th BGCOLOR='rgb(240,240,240)' colspan="2">" | Out-File $report -Append
echo "Legenda </th> </tr>" | Out-File $report -Append
echo "<tr align="left"><td >DOMAIN\User</td><td>uprawnienia przyznane (Allow)</td></tr>" | out-file $report -append
echo "<tr align="left"><td ><font color="blue">DOMAIN\User</font></td><td>uprawnienia dziedziczone</td></tr>" | out-file $report -append
echo "<tr ><td align="center" ><font color="red">(-)</font></td><td align="left">Brak uprawnień (Deny)</td></tr>" | out-file $report -append
echo "</table>" | Out-File $report -Append
ii $report
спотык
Н
Код:
евозможно вызвать метод для выражения со значением NULL.
D:\bat\ps1\audit.ps1:6 знак:4
+ $acl.Access.GetEnumerator() | where {$_.IdentityReference ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
|
\\?\ - синтаксис не поддерживается в PowerShell,как для локальных, так и для UNC путей
Качайте модуль, где нет проблем с длинными путями - https://gallery.technet.microsoft.co...f-90dbb2b84e85
Или установить:
Код:
PS > Find-Module NTFSSecurity
Version Name Repository
------- ---- ----------
4.2.3 NTFSSecurity PSGallery
PS > Install-Module NTFSSecurity
Список команд:
Код:
PS > get-command -module NTFSSecurity
CommandType Name Version Source
----------- ---- ------- ------
Cmdlet Add-NTFSAccess 4.2.3 NTFSSecurit
Cmdlet Add-NTFSAudit 4.2.3 NTFSSecurit
|
Kazun, спасибо. Но локально все почему-то отрабатывало, причем именно с длинным путем (больше 500 символов). Что же, буду колупать NTFSSecurity.
|
Время: 21:33.
© OSzone.net 2001-
