NOTE: This script was written and is intended for JAMS V7. Scroll down for the JAMS V6 version of the script.
### Import the JAMS module Import-Module JAMS ###We need to define the default JAMS server name $JAMSDefaultServer = 'localhost' ### Where to generate a report $Report = "C:\Temp\JAMSFolderAuditReport.txt" ###We loop through our folder list and we need to specify the object type 'Folder' ###This will return a list of Folders and each ACL and their permissions only if there are ACL's assigned to those folders. $folderList = Get-ChildItem JAMS::$JAMSDefaultServer\ -objectType Folder -Recurse -IgnorePredefined -FullObject $result = "`r`n`t`t`tJAMS Folder Access Security Report" $result += "`r`n`t`t`t----------------------------------" foreach ($folder in $folderList){ $sys = Get-Item JAMS::$JAMSDefaultServer$($folder.ParentFolderName)$($folder.QualifiedName) $result += "`r`n`r`nFolder: $($sys.QualifiedName)" foreach ($ace in $sys.Acl.GenericACL){ $accessNames = "" if (($ace.AccessBits -band [MVPSI.JAMS.FolderAccess]::Execute) -ne 0){ $accessNames = $accessNames + "Execute " } if (($ace.AccessBits -band [MVPSI.JAMS.FolderAccess]::Delete) -ne 0){ $accessNames = $accessNames + "Delete " } if (($ace.AccessBits -band [MVPSI.JAMS.FolderAccess]::Control) -ne 0){ $accessNames = $accessNames + "Control " } if (($ace.AccessBits -band [MVPSI.JAMS.FolderAccess]::Change) -ne 0){ $accessNames = $accessNames + "Change " } if (($ace.AccessBits -band [MVPSI.JAMS.FolderAccess]::Inquire) -ne 0){ $accessNames = $accessNames + "Inquire " } if (($ace.AccessBits -band [MVPSI.JAMS.FolderAccess]::AddJobs) -ne 0){ $accessNames = $accessNames + "AddJobs " } if (($ace.AccessBits -band [MVPSI.JAMS.FolderAccess]::ChangeJobs) -ne 0){ $accessNames = $accessNames + "ChangeJobs " } if (($ace.AccessBits -band [MVPSI.JAMS.FolderAccess]::InquireJobs) -ne 0){ $accessNames = $accessNames + "InquireJobs " } if (($ace.AccessBits -band [MVPSI.JAMS.FolderAccess]::DeleteJobs) -ne 0){ $accessNames = $accessNames + "DeleteJobs " } if (($ace.AccessBits -band [MVPSI.JAMS.FolderAccess]::Submit) -ne 0){ $accessNames = $accessNames + "Submit " } if (($ace.AccessBits -band [MVPSI.JAMS.FolderAccess]::Debug) -ne 0){ $accessNames = $accessNames + "Debug " } if (($ace.AccessBits -band [MVPSI.JAMS.FolderAccess]::Manage) -ne 0){ $accessNames = $accessNames + "Manage " } if (($ace.AccessBits -band [MVPSI.JAMS.FolderAccess]::Monitor) -ne 0){ $accessNames = $accessNames + "Monitor " } if (($ace.AccessBits -band [MVPSI.JAMS.FolderAccess]::Abort) -ne 0){ $accessNames = $accessNames + "Abort " } $result += "`r`n`r`n`tIdentifier: $($ace.Identifier)" $result += "`r`n`tAccess: $($accessNames.Trim() -split " " -join ", ")`r`n" } } $result | out-file $Report
NOTE: This script was written and is intended for JAMS V6.
### Import the JAMS module Import-Module JAMS ###We need to define the default JAMS server name $JAMSDefaultServer = 'localhost' ### Where to generate a report $Report = "C:\Temp\JAMSFolderAuditReport.txt" ###We loop through our folder list and we need to specify the object type 'Folder' ###This will return a list of Folders and each ACL and their permissions only if there are ACL's assigned to those folders. $folderList = Get-ChildItem JAMS::$JAMSDefaultServer\ -objectType Folder -Recurse -IgnorePredefined $result = "`r`n`t`t`tJAMS Folder Access Security Report" $result += "`r`n`t`t`t----------------------------------" foreach ($sys in $folderList){ $result += "`r`n`r`nFolder: $($sys.QualifiedName)" foreach ($ace in $sys.Acl.GenericACL){ $accessNames = "" if (($ace.AccessBits -band [MVPSI.JAMS.FolderAccess]::Execute) -ne 0){ $accessNames = $accessNames + "Execute " } if (($ace.AccessBits -band [MVPSI.JAMS.FolderAccess]::Delete) -ne 0){ $accessNames = $accessNames + "Delete " } if (($ace.AccessBits -band [MVPSI.JAMS.FolderAccess]::Control) -ne 0){ $accessNames = $accessNames + "Control " } if (($ace.AccessBits -band [MVPSI.JAMS.FolderAccess]::Change) -ne 0){ $accessNames = $accessNames + "Change " } if (($ace.AccessBits -band [MVPSI.JAMS.FolderAccess]::Inquire) -ne 0){ $accessNames = $accessNames + "Inquire " } if (($ace.AccessBits -band [MVPSI.JAMS.FolderAccess]::AddJobs) -ne 0){ $accessNames = $accessNames + "AddJobs " } if (($ace.AccessBits -band [MVPSI.JAMS.FolderAccess]::ChangeJobs) -ne 0){ $accessNames = $accessNames + "ChangeJobs " } if (($ace.AccessBits -band [MVPSI.JAMS.FolderAccess]::InquireJobs) -ne 0){ $accessNames = $accessNames + "InquireJobs " } if (($ace.AccessBits -band [MVPSI.JAMS.FolderAccess]::DeleteJobs) -ne 0){ $accessNames = $accessNames + "DeleteJobs " } if (($ace.AccessBits -band [MVPSI.JAMS.FolderAccess]::Submit) -ne 0){ $accessNames = $accessNames + "Submit " } if (($ace.AccessBits -band [MVPSI.JAMS.FolderAccess]::Debug) -ne 0){ $accessNames = $accessNames + "Debug " } if (($ace.AccessBits -band [MVPSI.JAMS.FolderAccess]::Manage) -ne 0){ $accessNames = $accessNames + "Manage " } if (($ace.AccessBits -band [MVPSI.JAMS.FolderAccess]::Monitor) -ne 0){ $accessNames = $accessNames + "Monitor " } if (($ace.AccessBits -band [MVPSI.JAMS.FolderAccess]::Abort) -ne 0){ $accessNames = $accessNames + "Abort " } $result += "`r`n`r`n`tIdentifier: $($ace.Identifier)" $result += "`r`n`tAccess: $($accessNames.Trim() -split " " -join ", ")`r`n" } } $result | out-file $Report
Hi, should we expect this script to work on JAMS v7? When I run it, it enumerates all the folders, but am not seeing any other information returned about which groups have which permissions against the folders.
Hello Sean, this script was designed for use with V6.
Gennaro, is there an updated script for v7?
Hello Louise, There are two scripts on this page, the top script is the V7 version, the bottom one is V6.
Ah, thank you! I scrolled too fast!