NTFS, PowerShell, Get-ACL & listing explicit rights

Chris Dent

Read more posts by this author.

Chris Dent

22 Oct 2008 • 1 min read

A short script to list explicit rights assigned to a directory structure. It uses the recursive option of ls (an Alias for Get-ChildItem) to drop down through the directory structure.

The match is not case sensitive. If the value for $SecurityPrincipal is left blank the script will return all explicitly assigned rights.

# Uses match, either a specific user / group or blank for all explicit rights
$SecurityPrincipal = "chris"

# The starting point
$BasePath = "C:"

Get-ChildItem $BasePath -Recurse | ForEach-Object {
    $item = $_

    # Add an entry to the report where it matches the criteria set in the ? pipe
    (Get-ACL -Path $item.FullName).Access |
        Select-Object @{n="Path";e={ $item.FullName }},
            FileSystemRights, IsInherited, IdentityReference |
        Where-Object {
            $_.IdentityReference.Value -match $SecurityPrincipal -and
            $_.IsInherited -eq $false
        }
}

NTFS, PowerShell, Get-ACL & listing explicit rights

Chris Dent

Chris Dent

Log file scrubber for IIS

Exchange 2007 & Manager Can Update Membership List