# encoding: ascii
# api: powershell
# title: Compare-PathAcl
# description: Compare the ACLs for two users for a folder tree
# version: 0.1
# author: Joel Bennett
# license: CC0
# x-poshcode-id: 3517
# x-archived: 2012-07-25T05:07:46
# x-published: 2012-07-16T09:08:00
#
# Lots more to do here, but this is a start.
# NOTE: this is a script. If you want a function, wrap it in function Compare-PathACL { ... }
#
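# Compares the access-control entries (ACEs) that name two identities on every
# item below a path, and writes a warning for each item where they differ.
#
# Limits to keep in mind when using the output for an access review:
#   * Only ACEs whose IdentityReference is exactly $User1 or $User2 are examined.
#     Access granted or denied through group membership is not resolved.
#   * Allow and Deny entries are both counted, so "has access" in the warning
#     text means "has an ACE", not necessarily an effective permission.
#   * Only FileSystemRights and AccessControlType are compared. Inheritance and
#     propagation flags are ignored, and rights spread over several ACEs are
#     not merged before comparison.
#   * The item named by $Path itself is not checked, only what Get-ChildItem
#     returns for it (hidden items are not returned without -Force).
[CmdletBinding()]
param(
    # Folder whose children are inspected.
    [string]$Path = 'C:\',
    # First identity, in DOMAIN\name form. Defaults to the current user.
    [string]$User1 = "$Env:USERDOMAIN\$Env:UserName",
    # Second identity, in DOMAIN\name form.
    [string]$User2 = "BuiltIn\Administrators",
    # Descend into subfolders instead of looking at direct children only.
    [switch]$recurse
)

foreach ($fso in Get-ChildItem -Path $Path -Recurse:$recurse) {
    # -LiteralPath keeps names containing [ ] * ? from being treated as
    # wildcard patterns, which would read the ACL of a different item or fail.
    try {
        $access = @((Get-Acl -LiteralPath $fso.FullName -ErrorAction Stop).Access)
    } catch {
        # An unreadable ACL must not be reported as "both users are the same".
        Write-Warning "Could not read the ACL of $($fso.FullName): $($_.Exception.Message)"
        continue
    }

    # Bucket the entries per identity. One identity can hold several ACEs
    # (for example an inherited and an explicit one), so counting the combined
    # matches cannot tell "one ACE each" apart from "two ACEs for one user".
    $rules1 = @($access | Where-Object { $_.IdentityReference.Value -eq $User1 })
    $rules2 = @($access | Where-Object { $_.IdentityReference.Value -eq $User2 })

    if ($rules1.Count -eq 0 -and $rules2.Count -eq 0) {
        # Neither identity is named on this item: nothing to compare.
        continue
    }

    if ($rules1.Count -eq 0 -or $rules2.Count -eq 0) {
        # Exactly one identity is named; report it as it is spelled in the ACL.
        $present = @($rules1 + $rules2)[0].IdentityReference
        Write-Warning "Only $present has access to $($fso.FullName)"
        continue
    }

    # Reduce each identity's ACEs to a sorted, de-duplicated list of
    # "type:rights" pairs so that ACE order and duplicates do not matter.
    $summary1 = @($rules1 |
        ForEach-Object { '{0}:{1}' -f $_.AccessControlType, $_.FileSystemRights } |
        Sort-Object -Unique) -join ';'
    $summary2 = @($rules2 |
        ForEach-Object { '{0}:{1}' -f $_.AccessControlType, $_.FileSystemRights } |
        Sort-Object -Unique) -join ';'

    if ($summary1 -ne $summary2) {
        Write-Warning "Different rights to $($fso.FullName)"
    }
}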