Good day scripting guys and gals,
This is a quick post on how to get a full list of access rights of your shared folders.
I am only interested in the folder rights and don’t need the file access rights.
Only list folders
get-childitem $source -recurse :
Get all the folders and subfolders starting from the $source path.
Only get the folders, not the files. If you also need the files in the folders, remove this rule out of the script.
Get folder name
Read Access List of the folder
Get-Acl $folder :
Get the access control list of the folder.
Select -ExpandProperty Access :
Expand the Access (security) property of the returned object. This allows you to get the following properties.
- FileSystemRights: What rights does the user/group have on the folder (ex. Write, ReadAndExecute, Synchronize)
- AccesControlType: Is it allow or deny
- IdentityReference: Domain\Username
- IsInherited: False/True
- Inheritanceflag: What are the inheritance settings
- PropagationFlags: Propagation settings (inheritOnly, None, NoProipagateInherit)
I am only interested in the folder name, User/group, The rights and the inheritance of the settings, so i will only select these from the output.
where IdentityReference -ne $null:
The script will provide a list of folders without IdentityReference (User/Group) as first output values, this rule will exclude all values that don’t have an IdentityReference.
Convert the output to comma separated values.
select -Skip 1
Don’t add the column names.
Add this to the outputfile.
You now have a list with all the necessary information.
Below the full script: