Write-Host
仅向控制台显示文本,无法保存。
Get-Acl >> check_acl.txt
将写入整个“对象”,而不仅仅是identityreference。您想要的是创建一个带有Path和ACL(identityreference)属性的自定义对象,并将其导出到csv。
我还简化了身份排除,并将if测试改为foreach循环,这样您就不必运行整个
Get-ACL
-行两次。
试试这个:
##define variable
$path = "E:\Share"
$ExcludeUsers = 'AT\Domain Admins','NT AUTHORITY\SYSTEM','AT\AT-IT','AT\01STREW','AT\01BRUND','AT\01KNAFP','AT\01BECKC'
## begin script
#Create regex-pattern to match all excluded users
$ExcludeUsersRegex = ($ExcludeUsers | % { [regex]::Escape($_) }) -join '|'
Get-Childitem $path -Recurse -Directory | ForEach-Object {
$file = $_
Get-Acl -Path $file.FullName |
Select-Object -ExpandProperty Access |
Where-Object {$_.IdentityReference -notmatch $ExcludeUsersRegex -and $_.AccessControlType -eq "Allow" -and $_.FileSystemRights -eq "FullControl"} |
ForEach-Object {
#Foreach ACL
New-Object psobject -Property @{
Path = $file.FullName
ACL = $_.IdentityReference
}
}
} | Select-Object -Property Path, ACL | Export-Csv e:\check_acl.csv -NoTypeInformation
示例输出:
"Path","ACL"
"C:\Users\frode\Desktop\TEST\YES","CONTOSO\frode"
"C:\Users\frode\Desktop\TEST\YES","CONTOSO\FrodesOtherAccount"