List all shared folder and sub folder permissions

Good day scripting guys and gals,

This is a quick post on how to get a full list of access rights of your shared folders.
I am only interested in the folder rights and don’t need the file access rights.

Declare variables

$source = "path to the top folder you want to start the list"
$outfile ="path and filename to the csv output: ex c:\temp\folderrights.csv"

Only list folders

get-childitem $source  -recurse | Where-Object{($_.psiscontainer)}|% {

get-childitem $source -recurse :
Get all the folders and subfolders starting from the $source path.

Where-Object{($_.psiscontainer)} :
Only get the folders, not the files. If you also need the files in the folders, remove this filter from the script.

Get folder name

$folder = $_.FullName 

Read Access List of the folder

Get-Acl $folder |
select -ExpandProperty Access  |

Get-Acl $folder :
Get the access control list of the folder.

Select -ExpandProperty Access :
Expand the Access (security) property of the returned object. This allows you to get the following properties.

  • FileSystemRights: What rights does the user/group have on the folder (ex. Write, ReadAndExecute, Synchronize)
  • AccessControlType: Allow or Deny
  • IdentityReference: Domain\Username
  • IsInherited: False/True
  • InheritanceFlags: What are the inheritance settings
  • PropagationFlags: Propagation settings (InheritOnly, None, NoPropagateInherit)

select  @{n='FolderName';e={$folder}},IdentityReference,filesystemrights,Isinherited,inheritanceflags |
 where IdentityReference -ne $null|

select  @{n='FolderName';e={$folder}},IdentityReference,filesystemrights,Isinherited,inheritanceflags:

I am only interested in the folder name, the user/group, the rights and the inheritance settings, so I will only select these from the output.

where IdentityReference -ne $null:

The first rows the script returns are folders without an IdentityReference (User/Group); this filter excludes every row that doesn't have an IdentityReference.

ConvertTo-Csv -NoTypeInformation | select -Skip 1 | Add-Content $outfile

ConvertTo-Csv -NoTypeInformation:

Convert the output to comma separated values.

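select -Skip 1:

Don't add the column names. ConvertTo-Csv runs once per folder, so without this the header row would be repeated for every folder.

Add-Content $outfile:

Append the rows to the output file.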

You now have a list with all the necessary information.

Below the full script:

$source = "path to the top folder you want to start the list"
$outfile = "path and filename to the csv output: ex c:\temp\folderrights.csv"
# Walk every folder (not files) below $source
Get-ChildItem $source -Recurse | Where-Object { $_.PSIsContainer } | ForEach-Object {
    $folder = $_.FullName
    # One CSV row per access entry; the header is skipped because this runs once per folder
    Get-Acl $folder |
        Select-Object -ExpandProperty Access |
        Select-Object @{n='FolderName';e={$folder}},IdentityReference,FileSystemRights,IsInherited,InheritanceFlags |
        Where-Object IdentityReference -ne $null |
        ConvertTo-Csv -NoTypeInformation | Select-Object -Skip 1 | Add-Content $outfile
}
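
A review-oriented variant of the same Get-Acl walk, as an added example that is not part of the original post: it keeps the CSV header, records folders whose ACL cannot be read, and reports only Allow entries that give Everyone, Authenticated Users or BUILTIN\Users write-type rights. The two paths, the $broad SID table and the rights chosen for $writeMask are assumptions made for illustration.

```powershell
# Added example, not the post's script. Both paths are placeholders.
$Source  = 'D:\Shares'                     # assumed top folder
$OutFile = 'C:\temp\broad-write-acl.csv'   # assumed report path

# Match on well-known SIDs, because the display names are localized.
$broad = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Rights that let a principal change content or permissions (assumed selection).
$R = [System.Security.AccessControl.FileSystemRights]
$writeMask = [int]($R::WriteData -bor $R::AppendData -bor $R::Delete -bor
                   $R::DeleteSubdirectoriesAndFiles -bor
                   $R::ChangePermissions -bor $R::TakeOwnership)
# Some ACEs carry raw generic rights that the enum does not name:
# GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000).
$writeMask = $writeMask -bor 0x10000000 -bor 0x40000000

$unreadable = @()
$findings = Get-ChildItem -LiteralPath $Source -Directory -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $folder = $_.FullName
        try   { $acl = Get-Acl -LiteralPath $folder -ErrorAction Stop }
        catch { $unreadable += $folder; return }   # audit account cannot read this ACL
        # Ask for the rules with SIDs instead of Domain\Username.
        $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
            Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                $broad.ContainsKey($_.IdentityReference.Value) -and
                ([int]$_.FileSystemRights -band $writeMask) -ne 0
            } |
            Select-Object @{n='FolderName';e={$folder}},
                          @{n='Principal';e={$broad[$_.IdentityReference.Value]}},
                          FileSystemRights, IsInherited, InheritanceFlags, PropagationFlags
    }

# Export-Csv writes the header once, so no -Skip 1 is needed here.
$findings | Export-Csv -LiteralPath $OutFile -NoTypeInformation
if ($unreadable) { Write-Warning "$($unreadable.Count) folder(s) could not be read; the report is incomplete." }
```

Rows with IsInherited = False mark the folder where the broad entry was actually set; inherited rows below it disappear once that folder is fixed.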
