PowerShell Script to find user permssions on the local server.

Similar Messages

• PowerShell script cannot find user permissions given directly (can find if permissions given in a group) - Please help.

  Hi there,
  I need to find ALL SharePOint sites/subsites/locations where "Domain\john" has any level of access. 
  Following script works if the permissions were given to Domain\john via a group - but this does not work if the permissions were given directly to the user (i.e. user is NOT part of the group).
  $weburl = "http://dev"
  Get-SPUser -web $weburl -Limit All | ?{$_.UserLogin -eq "Domin\john"} | select UserLogin, @{name="Url";expression={$_.ParentWeb.Url}}, @{name="Explicit given roles";expression={$_.Roles}}, @{name="Roles given via groups";expression={$_.Groups | %{$_.Roles}}},Groups | Out-String -Width 4096
  Help will be appreciated.
  Thank you.

  I don't really understand your request. It sounds like you just want to know the permissions per-user
  $weburl = "http://dev"
  Get-SPUser -web $weburl -Limit All | ?{$_.UserLogin} | select UserLogin, @{name="Url";expression={$_.ParentWeb.Url}}, @{name="Explicit given roles";expression={$_.Roles}}, @{name="Roles given via groups";expression={$_.Groups | %{$_.Roles}}},Groups | Out-String -Width 4096
  This will just return all the users and their permissions.
  If this is helpful please mark it so. Also if this solved your problem mark as answer.

• PowerShell Script to Clean User Profiles File Location

  Hello,
  I have been searching around to accomplish what I am trying to do. It is pretty basic so I am hoping someone can point me in the right direction. I want to write a powershell script to clean out two locations in all the user profiles on a Citrix server.
  Here are the steps I'd like to accomplish.
  1. Find all user profiles on the Citrix server
  2. Delete all the files from these two locations; "\Local Settings\Application Data\Mozilla\*.*" and "\Local Settings\Application Data\Microsoft\OneNote\*.*"
  This will run on a weekly basis via a scheduled task. A nice to have would be to add any profile over 60 days old.
  I have a pretty good start, but I am still learning PowerShell, so any help would be appreciated.
  Thanks in advance!
  Thanks, Jeremy

  Hello mbwc,
  how about showing us what you got so far and detail where you have trouble?
  That way, we can help you understand your problems and find the solution yourself (= good for learning), instead of having one of us simply provide the solution (= bad for learning).
  Cheers,
  Fred
  There's no place like 127.0.0.1

• PowerShell script to find a string of characters in office documents in Doc Libraries and List Item attachments?

  Hi there,
  For SharePoint 2010 site - Does someone have the PowerShell script to find a string of characters in Office/Word/Excel/PDF documents in document libraries or the ones attached to List Items?
  Thanks so much in advance.

  Hi,
  According to your description, my understanding is that you want to find some specific string character in list items using PowerShell Command.
  $w = Get-SPWeb "http://devmy131"
  $l = $w.GetList("http://devmy131/lists/fieldslist");
  $i = $l.Items[0]["Title"].ToString();
  if ($i -like '*document*')
  Write-Host "Title contains document character" $i;
  More information:
  PowerShell -contains -like
  Thanks
  Best Regards
  TechNet Community Support
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
  [email protected]

• Error while executing script for sharepoint online (office 365) - the remote server returned an error: (503) server unavailable

  error while executing script for sharepoint online (office 365) - the remote server returned an error: (503) server unavailable.
  I am creating many site collections reading records from sharepoint list using powershell in sharepoint online tenant (office 365).
  Few site collections are created and then getting above error so this error record will be skipped then few succeeding record processed then again getting error.
  pattern is like:
  success
  success
  success
  success
  Error
  success
  success
  success
  success
  success
  success
  error
  success

  Hi,
  As it is an online environment, to troubleshoot this issue in an easier way, I suggest you contact Office 365 Support to see if there is any useful information in
  the log files in the server side:
  https://support.office.com/en-us/article/Contact-Office-365-for-business-support-32a17ca7-6fa0-4870-8a8d-e25ba4ccfd4b?ui=en-US&rs=en-US&ad=US
  Best regards
  Patrick Liang
  TechNet Community Support

• How to make Adobe acrobat feature to convert SAP  Pages to PDF available for multiple users connected to the same server

  We have installed Adobe Acrobat X Pro- English,Francais,Deutsch version 10.1.9 in our test environment and tried  testing it for converting SAP pages into PDF with a few pilot users. In doing so we faced a challenge, where only one user at a time can use Adobe Acrobat PRO to convert SAP pages in to PDF.As long as the first user who  is connected to Adobe Acrobat Pro via SAP isn’t logged off, other users connected to the same  server  are not being able to get the “Save As” dialog box to save the PDF in their preferred location.
  This is a business requirement and we need an urgent solution for the same. Can anyone help us in telling us if this is possible and if yes the how to go about?

  It's not something we deal with here, the LiveCycle products are a different world. Key points: Adobe LiveCycle is a range of products, some desktop, some server. LiveCycle PDF Generator is the one you should look at, it comes in 3 editions. License terms are by negotiation. Key management is via its Java API.

• Mail Flow between 2 AD Sites stops and EMC unavailable on the local server

  Hello All,
  I'm hoping you can help me find a solution to this recurring problem.
  SYMPTOMS :
  Mail Flow between 2 EXCH2010 servers in 2 different AD Sites (separate time zones) stops suddenly with no messages in the Event Viewer or exchange logs.
  When this happens the EMC is unavailable on the local server : Error message Connection attempt to http://<servername> with the help of "Kerberos" failed : The connection to the remote server failed with the following error : Access Refused
  Same error when opening Exchange Powershell
  On the OTHER server (ie the one I can connect to in Site 2) I can :
  1 - Connect to the first server using EMC with no problems
  2 - Using mail queue viewer pointed at the server in Site 2 I can see the following error for email directed to the server in Site 1 : 451 4.4.0 Primary target address responded with: "235 00000804YIIF/<load of alphanumeric characters 80 or so long>
  RECOVERY :
  A reboot of the server allows access to the EMC and Powershell and mail flow once again starts.... until the next time
  OTHER INFORMATION :
  When in the above state, ran Exchange Management Troubleshooter which finds errors but cannot identify them : "Unknown Error" then stops !
  Ran ExBPA : turns up nothing
  Currently needing to reboot every day or so.
  I though maybe the local server had a problem with resolving itself correctly, did some troubleshooting around that and turned up nothing. Even added itself to its hosts file in order to resolve its IP : Changed nothing.
  Searched on the above error 451 4.4.0 etc and turned up nothing useful.
  I think the Kerberos error is telling, but I haven't turned anything up during a search yet.
  Any ideas ?
  Please AMA if you need more info or clarification.
  Matthew

  Hello,
  When the issue happens, can you telent the target server successfully?
  Please refer to the following KB article to see if it helps:
  https://support2.microsoft.com/kb/979175?wa=wsignin1.0
  Thanks,
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Simon Wu
  TechNet Community Support

• Code changes in the local server

  Hello ,
  I am on EP7.0 ERP05 and NW04s and trying to modify the ESS Applications and facing a problem where some changes are taking effect and working successfully in my local server but when I deploy them to our Development system , although it deploys it successfully it does not show the right result as in the Local server....
  Any help would be highly appreciated.

  Hi Subhash
  Try restarting your development server, and then deploy and run your application on it.
  I hope this helps you.
  Regards
  Kapil

• Hi, I am new to Mac and i managed to install and configure all the services. Now my issue is when i sending mail using the local server to internal, mail are not receiving. Mail queue showing Connection refused error. Please help me

  I am new to Mac and i managed to install and configure all the services. Now my issue is when i sending mail using the local server to internal, mails are not receiving. Mail queue showing Connection refused error. Please help me
  Thanks
  GIRI

  Try this -> http://support.apple.com/kb/TA38632?viewlocale=en_US

• I want to open an website by locking the local server

  i can't opening facebook due to locking by the local server. i want to open facebook by locking or bypassing local server

  If you don't have permission to access that server, you could be prosecuted for even attempting to access it, if you would get caught - access logs are kept for most all local networks for all network connections made or attempted. As far as bypassing it, if that server is the only way to access the internet from the local network you are using - good luck. Any network admin "worth his salt" would have that covered to protect his job and protect the network he is responsible for.
  ''Beyond that, this type of discussion isn't really appropriate for this forum, as it might involve illegal "hacking" - '''Moderator''' ''.

• Script to find users that are a member of more than one of a list of specific groups

  Hi,
  I need to generate a list of users that are members in more than one group, out of a list of specific security groups.  Here's the situation:
  1) We have about 1100 users, all nested under a specific OU called CompanyUsers.  There are sub-OUs under CompanyUsers that users may actually be in.
  2) We have about 75 groups, all directly under a specific OU called AppGroups.  These groups correspond to a user's role within an internal line of business application.  All these groups start with a specific character prefix "xyz", so the group
  name is actually "xyz-approle".
  I want to write a script that tells me if a user from point 1) is a member in more than one group in point 2).  So far, I've come up with a way to enumerate the users to an array:
  $userlist = get-qaduser -searchroot 'dq.ad/dqusers/doral/remote' | select samaccountname |Format-Table -HideTableHeaders
  I also have a way to enumerate all the groups that start with xyz that the user is a member of:
  get-QADMemberOf -identity <username> -name xyz* -Indirect
  I figure I can use the first code line to start a foreach loop that uses the 2nd code line, outputting to CSV format for easy to see manual verification.  But I'm having two problems:
  1) How to get the output to a CSV file in the format <username>,groupa,groupb,etc.
  2) Is there any easier way to do this, say just outputting the users in more than one group?
  Any help/ideas are welcome.
  Thanks in advance!
  John

  Here is a PowerShell script solution. I can't think of way to make this more efficient. You could search for all groups in the specfied OU that start with "xyz", then filter on all users that are members of at least one of these groups. However, I suspect
  that most (if not all) users in the OU are members of at least one such group, and there is no way to filter on users that are members of more than one. This solution returns all users and their direct group memberships, then checks each membership to
  see if it meets the conditions. It outputs the DN of any user that is a member of more than one specfied group:
  # Search CompanyUsers OU.
  strUsersOU = "ou=CompanyUsers,ou=West,dc=MyDomain,dc=com"
  $UsersOU = New-Object System.DirectoryServices.DirectoryEntry $strUsersOU
  # Use the DirectorySearcher class.
  $Searcher = New-Object System.DirectoryServices.DirectorySearcher
  $Searcher.SearchRoot = $UsersOU
  $Searcher.PageSize = 200
  $Searcher.SearchScope = "subtree"
  $Searcher.PropertiesToLoad.Add("distinguishedName") > $Null
  $Searcher.PropertiesToLoad.Add("memberOf") > $Null
  # Filter on all users in the base.
  $Searcher.Filter = "(&(objectCategory=person)(objectClass=user))"
  $Results = $Searcher.FindAll()
  # Enumerate users.
  "Users that are members of more than one specified group:"
  ForEach ($User In $Results)
      $UserDN = $User.properties.Item("distinguishedName")
      $Groups = $User.properties.Item("memberOf")
      # Consider users that are members of at least 2 groups.
      If ($Groups.Count -gt 1)
          # Count number of group memberships.
          $Count = 0
          ForEach ($Group In $Groups)
              # Check if group Common Name starts with the string "xyz".
              If ($Group.StartsWith("cn=xyz"))
                  # Make sure group is in specified OU.
                  If ($Group.Contains(",ou=AppsGroup,"))
                      $Count = $Count +1
                      If ($Count -gt 1)
                          # Output users that are members of more than one specified group.
                          $DN
                          # Break out of the ForEach loop.
                          Break
  Richard Mueller - MVP Directory Services

• Run a powershell script on every user login/unlock

  Hi everybody
  I need to run a powershell (that opens an interactive dialog box) when every user log in or unlock session or remote connection to this server.  In other words it have to be run every time a user enters a credential. 
  I tried task scheduler, but it didn't work properly. I tried triggers like "on workstation unlock" and "on connection to user session". I change user and group to administrators but still it runs under the author user (me) . 
  I found out user login event id is 4801 and 4778. can I use these event ids to run powershell code? Can I check raising the event ids through my code? 
  any other idea please?
  Thanks in advance

  Im not going to block a logon! I want to run a powershell code for every user login. assume like a message after user login. this kind of message for me is showing to me after other users login.
  specifically this is a window from that I designed to execute on user login to show on the server and every user writes down in the text box the changes that is making on the server. this is a changes log solution to me. then I need to show every user to
  work properly.
  You can run a scheduled task at logon that can display a message.  You can define this task in Group Policy.
  You can also just use the standard user logon message which can also be defined in Group Policy.
  You can execute a script task whenever an unlock event happens.  This, too, can be defined in Group Policy.
  ¯\_(ツ)_/¯

• How to find user who loaded the procs in DB

  Hi guys how to find user who loaded procs in database ..and the date...
  is there anyway..
  i tried to look at all_objects..but it didnot workout..
  thanks

  That is correct. You will only have audit rows for item that you are auditing. I am suggesting you audit all DDL in a production database since production jobs should not perform DDL with the probable exception of truncate. This will provide this type of information going forward. It will not help you answer the question of who created the procedure last week?
  Auditing is explained in the Security manual and the full comand syntax is available in the SQL manual.
  You can easily write a purge the audit data to remove data once it is no longer of interest based on the date the audit row was created.
  HTH -- Mark D Powell --

• FM to find user who locked the object using enqueue...

  Hello,
  How can I find name of user who enqueued the lock object in ABAP ?
  Regards,
  Jainam.

  Hi Jainam,
  See the SAP documentation, e.g. [FAQ - Lock concepts|http://help.sap.com/saphelp_NW04/helpdata/en/cb/168237d30d974be10000009b38f8cf/content.htm]:
  How can I find out who is currently holding the ungranted lock? In other words, how can check the program after an ENQUEUE to determine which use is currently holding the lock so that I can let him or her know?                                 
  This graphic is explained in the accompanying text Answer
  When the ENQUEUE_... function module is returned, the name of the lock owner is listed in SY-MSGV1.
  If you don't want to attempt to lock an object and just check who might own a lock use function module ENQUEUE_READ. Lots of comments in the forum...
  Cheers, harald

• How to find user exit for the transaction PBAW

  Dear Freinds
               In Recruitment ....PBAW(Job Advertisements--when we execute the
  transaction PBAW ...we can find create Advertisement...  > here will create posting
  in this screen i have to add a field  Status  . could you please let me know how
  i can add.. Is there any user exit through which i can add a field or there is any way...
  as it is standard..
  regards
  Vamsi.

  Hello Vamsi,
  This might be of help. It is a program to find user exits based on transaction codes. Just install it on your sandbox and see if it works for you.
  http://www.erpgenie.com/abap/code/abap26.htm
  KR,
  Peter Linn