Here in the PowerShell ISE I have pasted in that Get-SPUserEfferctivePermissions function. I have saved this as SPsecurity.psm1 instead of ps1. That makes it a script module. I am just going to open my normal PowerShell. I am going to see if I can get into my SharePoint server using the PowerShell remoting. I did save that script in the root of the C:\ to make it easy to get to. Let’s load that module using import-module C:\spsecurity.psm1. Okay, that is there.
Now, because I did not start this copy of PowerShell using the SharePoint Management Console shortcut, there is no way to do that through remoting, I need to go ahead and load the actual SharePoint “stuff”. That will be Add-PSSnapin microsoft.sharepoint.powershell. That should load up in just a few seconds. Great.
The first thing is, I need to decide what user I want to look at. Let’s start with: $user-‘COMPANY\Administrator’ and Get-SPWeb http://server-r2 this will give the base one and I am just going to run that command by itself to make sure I got something back, and I did. Now that I have got that, I can say Get-SPWeb http://server-r2 | get-SPUserEffectivePermissions $user| export-csv C:\perms.csv. Now we should have a perms.csv
If I didn’t want to do that, here is a neat trick, and this is what the author of the function on his blog originally did, pump it to an out-gridview. Except, I cannot do and out-gridview over a remote session, of course, but let’s just take a look at the results. This is showing me that this user has limited access permission over that resource which is and SPWeb and it was granted by direct assignment. One of the reasons I put this in a variable is so that I can simply change user https://www.quest.com/community, hit the up arrow a few times to pull that back, and run it for a different user.
You can see that you can easily get this into a CSV file or if you are running it local you could pop it up into a grid view, all kinds of stuff. But, going through every single securable, this is just one Web, I would have to do this for every single Web, every single list. All of this would just take too long, not to mention, having to run through it for every single user. That is when I started to realize that using PowerShell to generate this kind of really comprehensive report, probably not so practical.
PowerShell is probably a great way to check a particular user and if you have an auditing need, so and so just left the company and we need to figure out what they had permission to or what permission they had on this particular Web. This is probably a good technique for that and this function is handy for that purpose, but in terms of producing an entire report, not so much. In my article, SharePoint Security Reporting using PowerShell, I will explore what I think the alternatives are. Before we do that, be sure to close that PS session and close the PowerShell.