Access Control ACL Report

Follow

 

Import-Module JAMS -EA Continue

# Get an instance of the JAMS Server
$jamsServer = [MVPSI.JAMS.Server]::GetServer("localhost")

$result = "`r`n`t`t`tJAMS Object Access Security Report"
$result += "`r`n`t`t`t----------------------------------"

#
# Iterate through the AccessObject Types enumeration
#
foreach($accessType in [Enum]::GetValues([MVPSI.JAMS.AccessObject]))
{
    if($accessType -ne [MVPSI.JAMS.AccessObject]::None)
    {
        #
        # Output AccessObject header
        #
        $result += "`r`n`r`n$($accessType.ToString())`r`n"
        $accessType.ToString().ToCharArray() | %{$result += "-"}  

        #
        # Load the Security for the specified AccessObject
        #
        $sec = New-Object MVPSI.JAMS.Security
        [MVPSI.JAMS.Security]::Load([ref]$sec, $accessType, $jamsServer)

        #
        # Iterate each ACE in the ACL
        #
        foreach ($ace in $sec.Acl.GenericACL)
        { 
            #
            # Append the ACE's access to a string
            #
            $accessNames = ""
            foreach($objectAccess in [Enum]::GetValues([MVPSI.JAMS.ObjectAccess]))
            {
                if (($ace.AccessBits -band $objectAccess) -ne 0)
              {
                     $accessNames = $accessNames + "$($objectAccess) "
              }
            }
            
           #
        # Output the ACE's identifier and access
           #
           $result += "`r`nIdentifier: $($ace.Identifier)"
            $result += "`r`n`tAccess: $($accessNames.Trim() -split " " -join ", ")`r`n"
        }
    }
}

#Change path to desired report location
$result | Out-File C:\Temp\ACLAudit.txt 

 

Have more questions? Submit a request

Comments