October 12, 2010 at 12:20 pm
For those who work with the military or any government agency, you have to deal with DoD STIGs (basic security hardening of SQL Server installations). One of those checks is the ownership of all the DBMS and dependent application software and configuration files. It pretty much wants to see the installation account and/or the service account running SQL own the files.
I thought I could do it with PowerShell, but I have gotten to a point where I'm stuck.
This gives me the path and filename that I need in order to use this command to get the Owner:
$path = 'T:\MSSQL'
dir $path -Recurse | ft FullName
This gets the owner:
(Get-Acl 'T:\MSSQL\log\ERRORLOG').Owner
I thought something like this would work, but it doesn't:
dir $path -Recurse | ft FullName | ForEach-Object {(Get-Acl $_).Owner}
I would also like to do something like this as well:
dir $path -Recurse | ft FullName | ForEach-Object {(Get-Acl $_).Access | `
ft FileSystemRights, AccessControlType, IdentityReference -AutoSize}
According to help for Get-Acl it accepts System.String as an input.
How can I go about changing the object returned in the "ft Fullname" to a string so that the ForEach-Object cmdlet will accept it?
Or is there another way of doing it?
Shawn Melton
Twitter: @wsmelton
Blog: wsmelton.github.com
Github: wsmelton
October 13, 2010 at 4:21 pm
dir $path -Recurse | ft FullName | ForEach-Object {(Get-Acl $_).Owner}
I think this may not be working because foreach-object needs to reference an array object to work like foreach-object {<$object> in <$array>}
I would also like to do something like this as well:
dir $path -Recurse | ft FullName | ForEach-Object {(Get-Acl $_).Access | `
ft FileSystemRights, AccessControlType, IdentityReference -AutoSize}
According to help for Get-Acl it accepts System.String as an input.
How can I go about changing the object returned in the "ft Fullname" to a string so that the ForEach-Object cmdlet will accept it?
Or is there another way of doing it?
Not sure if you're going to be able to do this with one command. You may have to run through every object in the foreach loop extracting the string property you need in a step of the loop and then pass that to get-acl.
Joie Andrew
"Since 1982"
October 13, 2010 at 8:02 pm
For the owner:
PS> $path = 'T:\MSSQL'
PS> Get-ChildItem $path -Recurse | % {(Get-Acl $_.FullName)} | Format-Table
By default, that will get you the Path, Owner and Access. Not sure about the other values you are looking for. I am not sure where those would be coming from.
Jeffrey Williams
“We are all faced with a series of great opportunities brilliantly disguised as impossible situations.”
― Charles R. Swindoll
How to post questions to get better answers faster
Managing Transaction Logs
October 13, 2010 at 8:16 pm
Another option is:
PS> Get-ChildItem $path -Recurse | % {$_.GetAccessControl()}
Or, you can use an expression:
PS> Get-ChildItem $path -Recurse | Format-Table FullName, @{Label="Owner";Expression={$_.GetAccessControl().Owner}}
Jeffrey Williams
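An ownership audit along the lines discussed in this thread, as an added example that is not part of any poster's reply. It passes each file's FullName string to Get-Acl instead of piping through Format-Table, flags owners outside an allowed list, and then lists the access entries. The function name Get-OwnerAudit, the demo folder and the allowed-owner values are assumptions; it targets Windows PowerShell 3.0 or later.

```powershell
function Get-OwnerAudit {
    param(
        [Parameter(Mandatory = $true)] [string]   $Path,
        [Parameter(Mandatory = $true)] [string[]] $AllowedOwners
    )
    Get-ChildItem -LiteralPath $Path -Recurse -Force | ForEach-Object {
        $item = $_
        try {
            # Get-Acl receives a plain string path. Format-Table would have
            # replaced the file objects with formatting records.
            $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
            [pscustomobject]@{
                FullName  = $item.FullName
                Owner     = $acl.Owner
                Compliant = $AllowedOwners -contains $acl.Owner  # case-insensitive
                Access    = $acl.Access
            }
        } catch {
            # An unreadable ACL is reported as a finding, not silently skipped.
            [pscustomobject]@{
                FullName = $item.FullName; Owner = '<unreadable>'
                Compliant = $false; Access = @()
            }
        }
    }
}

# Constructed demo tree so the example runs without a SQL Server install.
$demo = Join-Path $env:TEMP ('owner-audit-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path (Join-Path $demo 'log') -Force | Out-Null
Set-Content -Path (Join-Path $demo 'log\ERRORLOG') -Value 'constructed sample'

# Assumed allowed owners: the current account plus a sample service account.
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$report = Get-OwnerAudit -Path $demo -AllowedOwners $me, 'NT SERVICE\MSSQLSERVER'

# Ownership summary, then only the findings.
$report | Format-Table FullName, Owner, Compliant -AutoSize
$report | Where-Object { -not $_.Compliant } | Format-Table FullName, Owner -AutoSize

# One row per access entry, keeping the file path alongside it.
$report | ForEach-Object {
    $file = $_.FullName
    $_.Access | Select-Object @{ Name = 'FullName'; Expression = { $file } },
        FileSystemRights, AccessControlType, IdentityReference
} | Format-Table -AutoSize

Remove-Item -LiteralPath $demo -Recurse -Force
```

Formatting cmdlets appear only at the end of each pipeline, so $report can also be sent to Export-Csv as evidence for the check.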