Hi, can anyone point me to a script which will collect all the permissions that are given to folders as well as individual VMs alsong with their inheritance setting in a excel sheet?
Also, it would be nice, If I can get a list of VMs in my each folder.
Thanks
Give the following script a go.
$report = @() foreach($folder in Get-Folder){ $folder | Get-VIPermission | %{ $row = "" | Select Name, Type, Folder, Principal, Role, Inherited $row.Name = $folder.Name $row.Type = "Folder" $row.Folder = "na" $row.Principal = $_.Principal $row.Role = $_.Role $row.Inherited = ($_.EntityId -ne $folder.Id) $report += $row } foreach($vm in ($folder |Get-VM -NoRecursion:$true)){ $vm | Get-VIPermission | %{ $row = "" | Select Name, Type, Folder, Principal, Role, Inherited $row.Name = $vm.Name $row.Type = "VM" $row.Folder = $folder.Name $row.Principal = $_.Principal $row.Role = $_.Role $row.Inherited = ($_.EntityId -ne $vm.Id) $report += $row } } } $report
Since you wanted folders and guests in 1 report, I included the Type property which will show if the object is a guest or a folder.
The Inherited property tells if a permisson was inherited ($true) or not ($false).
____________
Blog: LucD notes
Twitter: lucd22
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
I had a feeling that you are going to reply to my request and it was rigght )
Can I get this output in the excel file ?
Sure, change the last line into
$report | Export-Csv "C:\report.csv" -NoTypeInformation
____________
Blog: LucD notes
Twitter: lucd22
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thanks, I ran it against my VC and it was a huge report with 11367 rows )
The purpose behind this report is it have a weekly audit done for all the permission and if something is broken OR someone added a user to a folder, which was not authorised, we can quickly fix it. But with this report I think it will be very cumbersome.
Is there a way which can narrow down this report.
I don't mind running two scripts. 1) For folders and their contents and 2) For the permission that is being assigned to the folders and VM.
Sorry for the trouble
This report will only give you the folders and the VMs.
$report = @() foreach($folder in Get-Folder){ foreach($vm in ($folder | Get-VM -NoRecursion:$true)){ $row = "" | Select Folder,VMName $row.VMName = $vm.Name $row.Folder = $folder.Name $report += $row } } $report | Export-Csv "C:\Folder-vm.csv" -NoTypeInformation
Is this what you are looking for in 1) ?
____________
Blog: LucD notes
Twitter: lucd22
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Yes, that takes care of the VMs and folders thanks a lot
Can you also help me with the permission? I dont want a huge report but at the same time, it should be good for audit purpose?
Thanks a ton !!!
Do you want to see the inherited permissions ?
Without those the report will be substantially shorter.
____________
Blog: LucD notes
Twitter: lucd22
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Ok, try this one.
$report = @() foreach($folder in Get-Folder){ $folder | Get-VIPermission | where{$_.EntityId -eq $folder.Id} | %{ $row = "" | Select Name, Type, Folder, Principal, Role $row.Name = $folder.Name $row.Type = "Folder" $row.Folder = "na" $row.Principal = $_.Principal $row.Role = $_.Role $report += $row } foreach($vm in ($folder |Get-VM -NoRecursion:$true)){ $vm | Get-VIPermission | where{$_.EntityId -eq $vm.Id} | %{ $row = "" | Select Name, Type, Folder, Principal, Role $row.Name = $vm.Name $row.Type = "VM" $row.Folder = $folder.Name $row.Principal = $_.Principal $row.Role = $_.Role $report += $row } } } $report
____________
Blog: LucD notes
Twitter: lucd22
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference