feat(FileManagement): add Find-MovedFolder and Set-BackupPrivilege functions

TheTaylorLee · TheTaylorLee · commit 950c66c97b6f · 2025-09-24T11:01:45.000-05:00
* Introduced `Find-MovedFolder` to locate directories at a specified path and depth.
* Added `Set-BackupPrivilege` to enable or disable SeBackupPrivilege for the current process.
diff --git a/.github/workflows/scripts/New-Manifest.ps1 b/.github/workflows/scripts/New-Manifest.ps1
@@ -184,7 +184,7 @@ function New-Manifest {
         $savepath = "$workingdirectory\modules\AdminToolbox.FileManagement"
         $Params = @{
             CompatiblePSEditions = "Desktop", "Core"
-            FunctionsToExport    = 'Get-FileManagement', 'Find-ComputersFiles', 'Get-FileOwner', 'Get-FolderSize', 'Invoke-Robocopy', 'Remove-All', 'Remove-DisabledADProfiles', 'Remove-OlderThan', 'Get-ShareReport', 'Get-FolderName', 'Get-FileName', 'Use-WSLnano', 'Get-EmptyDirectory', 'Get-LastUsedDirectory'
+            FunctionsToExport    = 'Get-FileManagement', 'Find-ComputersFiles', 'Get-FileOwner', 'Get-FolderSize', 'Invoke-Robocopy', 'Remove-All', 'Remove-DisabledADProfiles', 'Remove-OlderThan', 'Get-ShareReport', 'Get-FolderName', 'Get-FileName', 'Use-WSLnano', 'Get-EmptyDirectory', 'Get-LastUsedDirectory', 'Find-MovedFolder', 'Set-BackupPrivilege'
             Path                 = "$savepath\AdminToolbox.FileManagement.psd1"
             Author               = "Taylor Lee"
             Description          = "File Management Functions"
diff --git a/modules/AdminToolbox.FileManagement/ChangeLog.md b/modules/AdminToolbox.FileManagement/ChangeLog.md
@@ -45,25 +45,5 @@
 * **1.16.166** CI Maintenance Release
 * **1.17.0.0** Add workflow versioning
 * **1.17.0.1** CI Maintenance Release
-* **1.17.0.61** CI Maintenance Release
-* **1.17.0.62** CI Maintenance Release
-* **1.17.0.63** CI Maintenance Release
-* **1.17.0.64** CI Maintenance Release
-* **1.17.0.65** CI Maintenance Release
-* **1.17.0.66** CI Maintenance Release
-* **1.17.0.67** CI Maintenance Release
-* **1.17.0.68** CI Maintenance Release
-* **1.17.0.69** CI Maintenance Release
-* **1.17.0.70** CI Maintenance Release
-* **1.17.0.71** CI Maintenance Release
-* **1.17.0.72** CI Maintenance Release
-* **1.17.0.73** CI Maintenance Release
-* **1.17.0.74** CI Maintenance Release
-* **1.17.0.75** CI Maintenance Release
-* **1.17.0.76** CI Maintenance Release
-* **1.17.0.77** CI Maintenance Release
-* **1.17.0.78** CI Maintenance Release
-* **1.17.0.79** CI Maintenance Release
-* **1.17.0.80** CI Maintenance Release
-* **1.17.0.81** CI Maintenance Release
-* **1.17.0.82** CI Maintenance Release
+* **1.17.0.82** CI Maintenance Release
+* **1.18.0.0** Add Find-MovedFolder and Set-BackupPrivilege functions
diff --git a/modules/AdminToolbox.FileManagement/Public/Find-Movedfolder.ps1 b/modules/AdminToolbox.FileManagement/Public/Find-Movedfolder.ps1
@@ -0,0 +1,39 @@
+<#
+    .DESCRIPTION
+    Finds directories at a specified path and depth, displaying their names and full paths.
+
+    .PARAMETER Path
+    The root path to search for directories.
+
+    .PARAMETER Depth
+    The depth to search for directories.
+
+    .EXAMPLE
+    Find-MovedFolder -Path "E:\folder\topsharefolder" -Depth 2 | Out-GridView
+
+    .NOTES
+    Uses Out-GridView for interactive selection.
+
+    .LINK
+    https://github.com/TheTaylorLee/AdminToolbox
+#>
+
+function Find-MovedFolder {
+    param (
+        [Parameter(Mandatory)]
+        [string]$Path,
+        [Parameter(Mandatory)]
+        [int]$Depth
+    )
+
+    begin {
+        get-elevation
+        Set-BackupPrivilege -Enable $true
+    }
+    process {
+        Get-ChildItem $Path -Depth $Depth -Directory | Select-Object Name, FullName
+    }
+    end {
+        Set-BackupPrivilege -Enable $false
+    }
+}
diff --git a/modules/AdminToolbox.FileManagement/Public/Get-FileManagement.ps1 b/modules/AdminToolbox.FileManagement/Public/Get-FileManagement.ps1
@@ -4,6 +4,7 @@ function Get-FileManagement {
 
     Write-Host "File Functions"                                                                                     -ForegroundColor green
     Write-Host "Find-ComputersFiles        ..Finds queried files across 1 or more Computers"                        -ForegroundColor cyan
+    Write-Host "Find-MovedFolder           ..Finds directories at a specified path and depth"                       -ForegroundColor cyan
     Write-Host "Get-EmptyDirectory         ..Gets a list of directories with no files in them"                      -ForegroundColor cyan
     Write-Host "Get-FileName               ..Gets a gui for selecting a file"                                       -ForegroundColor cyan
     Write-Host "Get-FileOwner              ..Gets CSV of file owners for a path"                                    -ForegroundColor cyan
@@ -15,6 +16,7 @@ function Get-FileManagement {
     Write-Host "Remove-All                 ..Removes many files quickly to free up space"                           -ForegroundColor cyan
     Write-Host "Remove-DisabledADProfiles  ..Removes local profiles of disabled AD users"                           -ForegroundColor cyan
     Write-Host "Remove-OlderThan           ..Removes folders and files older than"                                  -ForegroundColor cyan
+    Write-Host "Set-BackupPrivilege        ..Enables SeBackupPrivilege for the current process"                     -ForegroundColor cyan
     Write-Host "Use-WSLnano                ..Use WSL to get a nano editor in PWSH"                                  -ForegroundColor cyan
     Write-Host " "
 }
diff --git a/modules/AdminToolbox.FileManagement/Public/Set-BackupPrivilege.ps1 b/modules/AdminToolbox.FileManagement/Public/Set-BackupPrivilege.ps1
@@ -0,0 +1,81 @@
+<#
+    .DESCRIPTION
+    Enables or disables the SeBackupPrivilege for the current process.
+
+    SeBackupPrivilege allows file content retrieval, even if the security descriptor on the file might not grant such access. A caller with SeBackupPrivilege enabled obviates the need for any ACL-based security check.
+
+    .Parameter Enable
+    Specifies whether to enable ($true) or disable ($false) the SeBackupPrivilege.
+
+    .EXAMPLE
+    Set-BackupPrivilege -Enable $true
+
+    .Notes
+    Requires administrative privileges.
+
+    .Link
+    https://github.com/TheTaylorLee/AdminToolbox
+#>
+
+function Set-BackupPrivilege {
+    param (
+        [Parameter(Mandatory = $true)]
+        [bool]$Enable
+    )
+
+    begin {
+        get-elevation
+        Add-Type @"
+using System;
+using System.Runtime.InteropServices;
+public class BackupPriv {
+    [DllImport("advapi32.dll", SetLastError = true)]
+    public static extern bool AdjustTokenPrivileges(IntPtr TokenHandle, bool DisableAll, ref TOKEN_PRIVILEGES NewState, uint BufferLength, ref TOKEN_PRIVILEGES PreviousState, out uint ReturnLength);
+    [DllImport("kernel32.dll")]
+    public static extern IntPtr GetCurrentProcess();
+    [DllImport("advapi32.dll", SetLastError = true)]
+    public static extern bool OpenProcessToken(IntPtr ProcessHandle, uint DesiredAccess, out IntPtr TokenHandle);
+    [DllImport("advapi32.dll", SetLastError = true)]
+    public static extern bool LookupPrivilegeValue(string lpSystemName, string lpName, out LUID lpLuid);
+    [StructLayout(LayoutKind.Sequential)]
+    public struct TOKEN_PRIVILEGES { public uint PrivilegeCount; public LUID Luid; public uint Attributes; }
+    [StructLayout(LayoutKind.Sequential)]
+    public struct LUID { public uint LowPart; public int HighPart; }
+    public const uint TOKEN_ADJUST_PRIVILEGES = 0x20;
+    public const uint TOKEN_QUERY = 0x8;
+    public const uint SE_PRIVILEGE_ENABLED = 0x2;
+    public const uint SE_PRIVILEGE_DISABLED = 0x0;
+}
+"@
+    }
+    process {
+        $process = [BackupPriv]::GetCurrentProcess()
+        $token = [IntPtr]::Zero
+        $success = [BackupPriv]::OpenProcessToken($process, [BackupPriv]::TOKEN_ADJUST_PRIVILEGES -bor [BackupPriv]::TOKEN_QUERY, [ref]$token)
+        if (-not $success) {
+            Write-Error "Failed to open process token. Error: $([System.Runtime.InteropServices.Marshal]::GetLastWin32Error()). SeBackupPrivilege not set."
+        }
+
+        $luid = New-Object BackupPriv+LUID
+        $success = [BackupPriv]::LookupPrivilegeValue($null, "SeBackupPrivilege", [ref]$luid)
+        if (-not $success) {
+            Write-Error "Failed to open process token. Error: $([System.Runtime.InteropServices.Marshal]::GetLastWin32Error()). SeBackupPrivilege not set."
+        }
+
+        $tp = New-Object BackupPriv+TOKEN_PRIVILEGES
+        $tp.PrivilegeCount = 1
+        $tp.Luid = $luid
+        $tp.Attributes = if ($Enable) { [BackupPriv]::SE_PRIVILEGE_ENABLED } else { [BackupPriv]::SE_PRIVILEGE_DISABLED }
+
+        $prevTp = New-Object BackupPriv+TOKEN_PRIVILEGES
+        $returnLength = 0
+        $success = [BackupPriv]::AdjustTokenPrivileges($token, $false, [ref]$tp, [System.Runtime.InteropServices.Marshal]::SizeOf($prevTp), [ref]$prevTp, [ref]$returnLength)
+        if (-not $success) {
+            Write-Error "Failed to open process token. Error: $([System.Runtime.InteropServices.Marshal]::GetLastWin32Error()). SeBackupPrivilege not set."
+        }
+    }
+
+    end {
+    }
+
+}
