A short script to list explicit rights assigned to a directory structure. It uses the recursive option of ls (an Alias for Get-ChildItem) to drop down through the directory structure.
The match is not case sensitive. If the value for $SecurityPrincipal is left blank the script will return all explicitly assigned rights.
# Uses match, either a specific user / group or blank for all explicit rights
$SecurityPrincipal = "chris"
# The starting point
$BasePath = "C:"
Get-ChildItem $BasePath -Recurse | ForEach-Object {
$item = $_
# Add an entry to the report where it matches the criteria set in the ? pipe
(Get-ACL -Path $item.FullName).Access |
Select-Object @{n="Path";e={ $item.FullName }},
FileSystemRights, IsInherited, IdentityReference |
Where-Object {
$_.IdentityReference.Value -match $SecurityPrincipal -and
$_.IsInherited -eq $false
}
}