-
Notifications
You must be signed in to change notification settings - Fork 0
Get GPOAclExtended
oliwex edited this page Dec 5, 2021
·
1 revision
function Get-GPOAclExtended
{
Param(
[Parameter(Mandatory = $true)]
[alias("GPO_ACL", "GPOAccessControlList")]
[String] $gpoPath
)
$path = "AD:\" + $gpoPath
$acls = (Get-Acl -Path $path).Access | Select-Object ActiveDirectoryRights, AccessControlType, IdentityReference, InheritanceType, InheritanceFlags, PropagationFlags
$info = (Get-ACL -Path $path | Select-Object Owner, Group, 'AreAccessRulesProtected', 'AreAuditRulesProtected', 'AreAccessRulesCanonical', 'AreAuditRulesCanonical')
[PSCustomObject] @{
'DN' = $gpoPath
'Owner' = $info.Owner
'Group' = $info.Group
'Are Access Rules Protected' = $info.'AreAccessRulesProtected'
'Are AuditRules Protected' = $info.'AreAuditRulesProtected'
'Are Access Rules Canonical' = $info.'AreAccessRulesCanonical'
'Are Audit Rules Canonical' = $info.'AreAuditRulesCanonical'
'ACLs' = $acls
}
}
- Type - Private
- Input
- $gpoPath - distinguished name of acl object
- Output - PSCustomObject of ACL Object