Powershell export list of files and folders that have custom ACL with just the difference from the parent folder

Question

in an old server share I have a lot of nested folders with different permissions that I need to analyze the permissions. I would need a script to have the list of all the files & folders that have a different ACL from the parent one... all the folders have inheritance enabled but in some folders and files permissions have been added to users and groups which are then replicated on subfolders.

I hope explained my problem Can anyone help me? Thanks in advance

I was able to deduce that all folders and files have inheritance enabled.

Answer 1

You can obtain the ACL for each file system by piping the output from Get-ChildItem to Get-Acl. To list only explicit (eg. non-inherited) permissions, call GetAccessRules($true, $false, ...):

$rootFolder = Get-Item path\to\root\folder
$rootFolder |Get-ChildItem -Recurse |Where-Object {
  -not( ($_ |Get-Acl).GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier]) )
} |Select FullName,Length |Export-Csv path\to\output\report.csv -NoTypeInformation

The resulting CSV file will contain the path to any file/folder with an ACL differing from it's inherited access rules.