PowerCLI

Hi, can anyone point me to a script which will collect all the permissions that are given to folders as well as individual VMs alsong with their inheritance setting in a excel sheet?

Also, it would be nice, If I can get a list of VMs in my each folder.

Thanks

My blog:

Give the following script a go.

$report = @()
foreach($folder in Get-Folder){
	$folder | Get-VIPermission | %{
			$row = "" | Select Name, Type, Folder, Principal, Role, Inherited
			$row.Name = $folder.Name
			$row.Type = "Folder"
			$row.Folder = "na"
			$row.Principal = $_.Principal
			$row.Role = $_.Role
			$row.Inherited = ($_.EntityId -ne $folder.Id)
			$report += $row
		}
	foreach($vm in ($folder |Get-VM -NoRecursion:$true)){
		$vm | Get-VIPermission | %{
			$row = "" | Select Name, Type, Folder, Principal, Role, Inherited
			$row.Name = $vm.Name
			$row.Type = "VM"
			$row.Folder = $folder.Name
			$row.Principal = $_.Principal
			$row.Role = $_.Role
			$row.Inherited = ($_.EntityId -ne $vm.Id)
			$report += $row
		}
	}
}
$report

Since you wanted folders and guests in 1 report, I included the Type property which will show if the object is a guest or a folder.

The Inherited property tells if a permisson was inherited ($true) or not ($false).

____________

Blog: LucD notes

Twitter: lucd22

I had a feeling that you are going to reply to my request and it was rigght :smileyhappy:)

Can I get this output in the excel file ?

My blog:

Sure, change the last line into

$report | Export-Csv "C:\report.csv" -NoTypeInformation

____________

Blog: LucD notes

Twitter: lucd22

Thanks, I ran it against my VC and it was a huge report with 11367 rows :smileyhappy:)

The purpose behind this report is it have a weekly audit done for all the permission and if something is broken OR someone added a user to a folder, which was not authorised, we can quickly fix it. But with this report I think it will be very cumbersome.

Is there a way which can narrow down this report.

I don't mind running two scripts. 1) For folders and their contents and 2) For the permission that is being assigned to the folders and VM.

Sorry for the trouble

My blog:

This report will only give you the folders and the VMs.

$report = @()
foreach($folder in Get-Folder){
	foreach($vm in ($folder | Get-VM -NoRecursion:$true)){
		$row = "" | Select Folder,VMName
		$row.VMName = $vm.Name
		$row.Folder = $folder.Name
		$report += $row
	}
}
$report | Export-Csv "C:\Folder-vm.csv" -NoTypeInformation

Is this what you are looking for in 1) ?

____________

Blog: LucD notes

Twitter: lucd22

Yes, that takes care of the VMs and folders thanks a lot

Can you also help me with the permission? I dont want a huge report but at the same time, it should be good for audit purpose?

Thanks a ton !!!

My blog:

Do you want to see the inherited permissions ?

Without those the report will be substantially shorter.

____________

Blog: LucD notes

Twitter: lucd22

Lets try without inheritance.

My blog:

Ok, try this one.

$report = @()
foreach($folder in Get-Folder){
	$folder | Get-VIPermission | where{$_.EntityId -eq $folder.Id} | %{
			$row = "" | Select Name, Type, Folder, Principal, Role
			$row.Name = $folder.Name
			$row.Type = "Folder"
			$row.Folder = "na"
			$row.Principal = $_.Principal
			$row.Role = $_.Role
			$report += $row
		}
	foreach($vm in ($folder |Get-VM -NoRecursion:$true)){
		$vm | Get-VIPermission | where{$_.EntityId -eq $vm.Id} | %{
			$row = "" | Select Name, Type, Folder, Principal, Role
			$row.Name = $vm.Name
			$row.Type = "VM"
			$row.Folder = $folder.Name
			$row.Principal = $_.Principal
			$row.Role = $_.Role
			$report += $row
		}
	}
}
$report

____________

Blog: LucD notes

Twitter: lucd22