NOTE: This script was written and is intended for JAMS V7. Scroll down for the JAMS V6 version of the script.
### This script will display the ACL information for the entire list of JAMS users stored in the Users shortcut, ### Import the JAMS module Import-Module JAMS -EA SilentlyContinue $Report = "C:\Temp\JAMSUsersAuditReport.txt" ### Get our user list $usersList = Get-ChildItem JAMS::localhost\Credentials\* | Sort-Object -Property Name $result = "`r`n`t`t`tJAMS User Access Security Report" $result += "`r`n`t`t`t----------------------------------" ### Loop through each object and read the ACL information, displaying the entry for each foreach ($user in $usersList){ $result += "`r`n`r`nUser: $($user.UserName)" foreach ($ace in $user.Acl.GenericACL){ $accessNames = "" if (($ace.AccessBits -band [MVPSI.JAMS.UserAccess]::Control) -ne 0){ $accessNames = $accessNames + "Control " } if (($ace.AccessBits -band [MVPSI.JAMS.UserAccess]::Change) -ne 0){ $accessNames = $accessNames + "Change " } if (($ace.AccessBits -band [MVPSI.JAMS.UserAccess]::Submit) -ne 0){ $accessNames = $accessNames + "Submit " } if (($ace.AccessBits -band [MVPSI.JAMS.UserAccess]::GetPassword) -ne 0){ $accessNames = $accessNames + "Get Password " } $result += "`r`n`r`n`tIdentifier: $($ace.Identifier)" $result += "`r`n`r`n`tAccess: $($accessNames.Trim() -split " " -join ", ")`r`n" } } $result | out-file $Report
NOTE: This script was written and is intended for JAMS V6.
### This script will display the ACL information for the entire list of JAMS users stored in the Users shortcut, ### Import the JAMS module Import-Module JAMS -EA SilentlyContinue $Report = "C:\Temp\JAMSUsersAuditReport.txt" ### Get our user list $usersList = Get-ChildItem JAMS::localhost\Users\* | Sort-Object -Property Name $result = "`r`n`t`t`tJAMS User Access Security Report" $result += "`r`n`t`t`t----------------------------------" ### Loop through each object and read the ACL information, displaying the entry for each foreach ($user in $usersList){ $result += "`r`n`r`nUser: $($user.UserName)" foreach ($ace in $user.Acl.GenericACL){ $accessNames = "" if (($ace.AccessBits -band [MVPSI.JAMS.UserAccess]::Control) -ne 0){ $accessNames = $accessNames + "Control " } if (($ace.AccessBits -band [MVPSI.JAMS.UserAccess]::Change) -ne 0){ $accessNames = $accessNames + "Change " } if (($ace.AccessBits -band [MVPSI.JAMS.UserAccess]::Submit) -ne 0){ $accessNames = $accessNames + "Submit " } if (($ace.AccessBits -band [MVPSI.JAMS.UserAccess]::GetPassword) -ne 0){ $accessNames = $accessNames + "Get Password " } $result += "`r`n`r`n`tIdentifier: $($ace.Identifier)" $result += "`r`n`r`n`tAccess: $($accessNames.Trim() -split " " -join ", ")`r`n" } } $result | out-file $Report
Hello, just noticed this, One of the names is "Get Password "
And this line:
$($accessNames.Trim() -split " " -join ", ")
Splits them as if its two separate access? Is that intentional or they are meant to be just a single Access entity?
Hello MaryAnn, Get Password is a single access name. It is intentional.
Oh.. so that when it is split then becomes :
Get, Password
Which looks like two access names?
Hello MaryAnn, it is not splitting the Get Password string, it is splitting the items in the result array.