# encoding: ascii
# api: powershell
# title: Get-AclMisconfiguration.
# description: From Windows PowerShell Cookbook (O’Reilly) by Lee Holmes
# version: 0.1
# type: function
# author: Lee Holmes
# license: CC0
# x-poshcode-id: 2145
# x-archived: 2016-05-17T11:09:30
# x-published: 2011-09-09T21:40:00
#
#
##############################################################################
##
## Get-AclMisconfiguration
##
## From Windows PowerShell Cookbook (O'Reilly)
## by Lee Holmes (http://www.leeholmes.com/guide)
##
##############################################################################
<#
.SYNOPSIS
Demonstration of functionality exposed by the Get-Acl cmdlet. This script
goes through all access rules in all files in the current directory, and
ensures that the Administrator group has full control of that file.
#>
Set-StrictMode -Version Latest
## Get all files in the current directory
foreach($file in Get-ChildItem)
{
## Retrieve the ACL from the current file
$acl = Get-Acl $file
if(-not $acl)
{
continue
}
$foundAdministratorAcl = $false
## Go through each access rule in that ACL
foreach($accessRule in $acl.Access)
{
## If we find the Administrator, Full Control access rule,
## then set the $foundAdministratorAcl variable
if(($accessRule.IdentityReference -like "*Administrator*") -and
($accessRule.FileSystemRights -eq "FullControl"))
{
$foundAdministratorAcl = $true
}
}
## If we didn't find the administrator ACL, output a message
if(-not $foundAdministratorAcl)
{
"Found possible ACL Misconfiguration: $file"
}
}