PowerShell: converting SDDL output inside a ForEach loop

I am writing a script to get the audit settings of all GPOs in an Active Directory forest. I got most of the information I need with the following:

Get-Gpo -All |
    ForEach-Object {$GPO = $_.DisplayName; Get-Acl -Path ("AD:\" + $_.Path) -Audit |
        Select-Object @{n="GPO";e={$GPO}},PSChildName,AuditToString,Audit,AccessToString,sddl} | 
            select GPO,AuditToString,AccessToString,sddl | 
                Format-list |
                    out-file C:\Users\scott\Desktop\gpo_acl.txt

The output looks like this:

GPO           : Server 2019
AuditToString : Everyone Success  
                Everyone Failure  
                Everyone Success  
                Everyone Success  
Sddl          : PAI(A;CIIO;CCDCLCSWRPWPDTLOSDRCWDWO;;;CO)(A;CI;LCRPLORC;;;ED)

GPO           : Computer Quarantine
AuditToString : Everyone Success  
                Everyone Failure  
                Everyone Success  
                Everyone Success  
Sddl          : PAI(A;CIIO;CCDCLCSWRPWPDTLOSDRCWDWO;;;CO)(A;CI;LCRPLORC;;;ED)

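(I truncated the Sddl output because it would expose information I don't want to make public.) What I am trying to achieve now is to make the Sddl output easier to read. I can manually copy the Sddl output into the following command: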

ConvertFrom-SddlString -sddl "PAI(A;CIIO;CCDCLCSWRPWPDTLOSDRCWDWO;;;CO)(A;CI;LCRPLORC;;;ED)" -type ActiveDirectoryRights |
Select-Object -ExpandProperty DiscretionaryAcl

It gives me nicer-looking output, like this:

NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS: AccessAllowed (GenericExecute, GenericRead, ListChildren, ListObject, ReadControl, ReadProperty)
NT AUTHORITY\Authenticated Users: AccessAllowed (GenericExecute, GenericRead, ListChildren, ListObject, ReadControl, ReadProperty)
NT AUTHORITY\SYSTEM: AccessAllowed (CreateChild, Delete, DeleteChild, DeleteTree, ExecuteKey, FullControl, GenericExecute, GenericRead, GenericWrite, ListChildren, ListObject, Read, ReadAndExecute, ReadControl, ReadProperty, Self, WriteDacl, WriteKey, WriteOwner, WriteProperty)

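I am trying to get that nicer output inside the for-each loop I posted at the beginning. A colleague suggested adding this hashtable at the end of the Select-Object: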

Get-Gpo -All |
    ForEach-Object {$GPO = $_.DisplayName; Get-Acl -Path ("AD:\" + $_.Path) -Audit |
        Select-Object @{n="GPO";e={$GPO}},PSChildName,AuditToString,Audit,AccessToString,sddl,@{n="SDDLString";e={ConvertFrom-SddlString($_.sddl)}}} | 
            select GPO,AuditToString,AccessToString,sddl | 
                Format-list |
                    out-file C:\Users\scott\Desktop\gpo_acl.txt

But it prints the name of the object rather than its contents. Ideally, I would like the output to look like this:

GPO           : Server 2019
AuditToString : Everyone Success  
                Everyone Failure  
                Everyone Success  
                Everyone Success  
Sddl          : NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS: AccessAllowed (GenericExecute, GenericRead, ListChildren, ListObject, ReadControl, ReadProperty)
NT AUTHORITY\Authenticated Users: AccessAllowed (GenericExecute, GenericRead, ListChildren, ListObject, ReadControl, ReadProperty)
NT AUTHORITY\SYSTEM: AccessAllowed (CreateChild, Delete, DeleteChild, DeleteTree, ExecuteKey, FullControl, GenericExecute, GenericRead, GenericWrite, ListChildren, ListObject, Read, ReadAndExecute, ReadControl, ReadProperty, Self, WriteDacl, WriteKey, WriteOwner, WriteProperty)

GPO           : Computer Quarantine
AuditToString : Everyone Success  
                Everyone Failure  
                Everyone Success  
                Everyone Success  
Sddl          : NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS: AccessAllowed (GenericExecute, GenericRead, ListChildren, ListObject, ReadControl, ReadProperty)
NT AUTHORITY\Authenticated Users: AccessAllowed (GenericExecute, GenericRead, ListChildren, ListObject, ReadControl, ReadProperty)
NT AUTHORITY\SYSTEM: AccessAllowed (CreateChild, Delete, DeleteChild, DeleteTree, ExecuteKey, FullControl, GenericExecute, GenericRead, GenericWrite, ListChildren, ListObject, Read, ReadAndExecute, ReadControl, ReadProperty, Self, WriteDacl, WriteKey, WriteOwner, WriteProperty)

Any suggestions would be greatly appreciated.

Answer 1

I think this might get you closer to what you're after; I trust you can get back to Out-File on your own:

Get-Gpo -All |
    ForEach-Object {$GPO = $_.DisplayName; Get-Acl -Path ("AD:\" + $_.Path) -Audit |
        Select-Object -Property `
           @{n="GPO";e={$GPO}}, `
           AuditToString, `
           @{n="SDDLString";e={(ConvertFrom-SddlString -Sddl $_.Sddl).SystemAcl}}
    } | Format-List

Note the line breaks; they are only there so you don't have to scroll sideways.
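
The layout the question asks for (one ACE per line under each GPO) can be had by joining the string arrays that ConvertFrom-SddlString returns before they reach Format-List. This is an added example, not code from the question or the answer; the helper name Convert-SddlToText and the sample records are hypothetical and constructed so the block runs on a Windows host without a domain.

```powershell
# Added example: render each GPO's DACL and SACL one ACE per line.
# Convert-SddlToText is a hypothetical helper; the sample records are constructed.
function Convert-SddlToText {
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string]$Sddl,
        [ValidateSet('DiscretionaryAcl', 'SystemAcl')][string]$Part = 'DiscretionaryAcl'
    )
    if ([string]::IsNullOrWhiteSpace($Sddl)) { return '<no security descriptor>' }
    try {
        # -Type ActiveDirectoryRights decodes the access mask using AD right names.
        $sd = ConvertFrom-SddlString -Sddl $Sddl -Type ActiveDirectoryRights -ErrorAction Stop
    }
    catch {
        # Keep the GPO in the report even when its descriptor cannot be parsed.
        return "<unparseable SDDL: $($_.Exception.Message)>"
    }
    # The ACL properties are string arrays. Joining them makes Format-List print
    # one ACE per line instead of a truncated {a, b, c...} collection.
    $entries = @($sd.$Part | Where-Object { $_ })
    if ($entries.Count -eq 0) { return '<empty>' }
    $entries -join [Environment]::NewLine
}

# Constructed sample input standing in for the real source:
#   Get-Gpo -All | ForEach-Object { Get-Acl -Path ("AD:\" + $_.Path) -Audit }
$sample = @(
    [pscustomobject]@{
        DisplayName = 'Server 2019'
        Sddl        = 'O:BAG:SYD:PAI(A;CI;LCRPLORC;;;ED)(A;CI;LCRPLORC;;;AU)S:AI(AU;CISA;WPWDWO;;;WD)'
    }
    [pscustomobject]@{ DisplayName = 'Computer Quarantine'; Sddl = '' }
)

$sample | ForEach-Object {
    [pscustomobject]@{
        GPO  = $_.DisplayName
        Dacl = Convert-SddlToText -Sddl $_.Sddl -Part DiscretionaryAcl
        Sacl = Convert-SddlToText -Sddl $_.Sddl -Part SystemAcl
    }
} | Format-List
```

Against a live forest, replace $sample with the Get-Gpo pipeline and read DisplayName and Sddl from the GPO and the Get-Acl result respectively; the SACL is only present in the SDDL when Get-Acl is called with -Audit.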
