JAMS User ACL Audit Report

Follow

NOTE: This script was written and is intended for JAMS V7. Scroll down for the JAMS V6 version of the script. 

### This script will display the ACL information for the entire list of JAMS users stored in the Users shortcut,

### Import the JAMS module
Import-Module JAMS -EA SilentlyContinue

$Report = "C:\Temp\JAMSUsersAuditReport.txt"

### Get our user list
$usersList = Get-ChildItem JAMS::localhost\Credentials\* | Sort-Object -Property Name

$result = "`r`n`t`t`tJAMS User Access Security Report"
$result += "`r`n`t`t`t----------------------------------"

### Loop through each object and read the ACL information, displaying the entry for each

foreach ($user in $usersList){

    $result += "`r`n`r`nUser: $($user.UserName)"
    
    foreach ($ace in $user.Acl.GenericACL){
        
        $accessNames = ""
  
  
        if (($ace.AccessBits -band [MVPSI.JAMS.UserAccess]::Control) -ne 0){
            $accessNames = $accessNames + "Control "
        }
        if (($ace.AccessBits -band [MVPSI.JAMS.UserAccess]::Change) -ne 0){
            $accessNames = $accessNames + "Change "
        }
        if (($ace.AccessBits -band [MVPSI.JAMS.UserAccess]::Submit) -ne 0){
            $accessNames = $accessNames + "Submit "
        }
        if (($ace.AccessBits -band [MVPSI.JAMS.UserAccess]::GetPassword) -ne 0){
            $accessNames = $accessNames + "Get Password "
        }

        $result += "`r`n`r`n`tIdentifier: $($ace.Identifier)"
        $result += "`r`n`r`n`tAccess: $($accessNames.Trim() -split " " -join ", ")`r`n"
    }

}

$result | out-file $Report 

    

NOTE: This script was written and is intended for JAMS V6. 

    

### This script will display the ACL information for the entire list of JAMS users stored in the Users shortcut,

### Import the JAMS module
Import-Module JAMS -EA SilentlyContinue

$Report = "C:\Temp\JAMSUsersAuditReport.txt"

### Get our user list
$usersList = Get-ChildItem JAMS::localhost\Users\* | Sort-Object -Property Name

$result = "`r`n`t`t`tJAMS User Access Security Report"
$result += "`r`n`t`t`t----------------------------------"

### Loop through each object and read the ACL information, displaying the entry for each

foreach ($user in $usersList){

    $result += "`r`n`r`nUser: $($user.UserName)"
    
    foreach ($ace in $user.Acl.GenericACL){
        
        $accessNames = ""
  
  
        if (($ace.AccessBits -band [MVPSI.JAMS.UserAccess]::Control) -ne 0){
            $accessNames = $accessNames + "Control "
        }
        if (($ace.AccessBits -band [MVPSI.JAMS.UserAccess]::Change) -ne 0){
            $accessNames = $accessNames + "Change "
        }
        if (($ace.AccessBits -band [MVPSI.JAMS.UserAccess]::Submit) -ne 0){
            $accessNames = $accessNames + "Submit "
        }
        if (($ace.AccessBits -band [MVPSI.JAMS.UserAccess]::GetPassword) -ne 0){
            $accessNames = $accessNames + "Get Password "
        }

        $result += "`r`n`r`n`tIdentifier: $($ace.Identifier)"
        $result += "`r`n`r`n`tAccess: $($accessNames.Trim() -split " " -join ", ")`r`n"
    }

}

$result | out-file $Report 

    

Have more questions? Submit a request

Comments

  • Avatar
    MaryAnn Salas

    Hello, just noticed this, One of the names is "Get Password "
    And this line:
    $($accessNames.Trim() -split " " -join ", ")

    Splits them as if its two separate access? Is that intentional or they are meant to be just a single Access entity?

  • Avatar
    Gennaro Piccolo

    Hello MaryAnn, Get Password is a single access name. It is intentional.

  • Avatar
    MaryAnn Salas

    Oh.. so that when it is split then becomes :
    Get, Password
    Which looks like two access names?

  • Avatar
    Gennaro Piccolo

    Hello MaryAnn, it is not splitting the Get Password string, it is splitting the items in the result array.