It’s probably safe to assume you ended up on this page because, basically, you like to save time and work efficiently?!
This page will help you extract explicit (non-inherited) NTFS permissions and list them for easy Excel import.
Once you have the data in Excel, you can search and modify the output as you see fit.
Don’t worry about it – you’re welcome! 😁👍
Feel free to copy the script just below and modify it in any way you like.
Manage Hybrid Office 365 Like a Boss
Before we move on – if you REALLY want to save a lot of time, have a quick look at Easy365Manager.
Easy365Manager is a snap-in to AD Users & Computers that consolidates AD and Office 365 management.
To fully understand the power of Easy365Manager, consider the user-left-the-company scenario.
Many companies have a process similar to the below when employees leave:
- Disable the AD user account
- Convert the mailbox to a shared mailbox
- Hide the user from the address lists
- Set up forwarding to the user’s manager (or replacement)
- Delegate mailbox access to the user’s manager (or replacement)
- Synchronize on-premises changes to Azure AD
- Reclaim the Office 365 license
With standard tools, this easily takes anywhere between 5 to 10 minutes as you have to log in to multiple management tools.
With Easy365Manager, this can be done (by junior support) in 30 seconds:
Download the fully-functional 30-day trial and save even more time than you planned to before the end of the day!
Use PowerShell to Document NTFS Permissions
The following script will iterate all folders and subfolders of the main folder, “D:\Data”.
$OutFile = "c:\ExplicitACLs.csv"
"Path;Access;Identity" | Out-File $OutFile
$TopFolders = Get-ChildItem "D:\Data" -Directory
ForEach ($TopFolder In $TopFolders) {
Write-Host Processing $TopFolder.FullName ...
$Folders = Get-ChildItem -Path $TopFolder.FullName -Recurse -Directory
ForEach ($Folder In $Folders) {
$ACL = Get-Acl $Folder.FullName
ForEach ($Access In $ACL.Access) {
If ($Access.IsInherited -eq $False) {
$Output = $Folder.FullName + ";" + $Access.FileSystemRights + ";" + $Access.IdentityReference
$Output | Out-File $OutFile -Append
Write-Host $Output
}
}
}
}
To ensure we see a little bit of progress along the way, the subfolders are iterated one by one.
(we certainly like to see progress is being made when crunching TerraByte folders)
The output is a semicolon-separated list stating:
- Folder/file path
- Access rights
- Identity (delegatee)
The formatted output may look similar to this:
Path Access Identity D:\Data\Customers FullControl E365M\MSK D:\Data\Customers FullControl E365M\ClientReps D:\Data\Financial ReadAndExecute, Synchronize E365M\JWB D:\Data\Financial ReadAndExecute, Synchronize E365M\Finance D:\Data\Development Modify, Synchronize E365M\Dev
TIP: If the amount of data is not colossal, you might want to include file permissions in your review:
In that case, remove the “-Directory” switch in line 6.
We hope you’ll find the script helpful! 👍