@kewalaka
Last active February 7, 2022 02:30
Get-NonInheritedACLs is a script that recursively checks for directory permissions, ignoring inherited permissions except for the start folder
#
# Script that takes a start path and recursively checks for directory permissions.
# Inherited permissions are ignored except for the start folder.
# Current folder progress is written to the screen; output goes to a CSV located where the script is run from.
#
# Stu <kewalaka@gmail.com>
#
$startPath = "C:\Temp\PermTest" # CHANGE ME
$global:results = @()

# recursive function to get ACLs in subfolders that are not inherited
function Get-NonInheritedACLs($path) {
    Write-Host "Checking $path"
    # get non-inherited (explicit) permissions, record results in global var
    # -LiteralPath stops folder names containing [ or ] being treated as wildcards
    (Get-Acl -LiteralPath $path).Access | where { -not ($_.IsInherited) } | foreach {
        $global:results += [PSCustomObject][ordered]@{
            Path              = $path
            AccessControlType = $_.AccessControlType
            FileSystemRights  = $_.FileSystemRights
            IdentityReference = $_.IdentityReference
            InheritanceFlags  = $_.InheritanceFlags
            PropagationFlags  = $_.PropagationFlags
        }
    }
    # call function recursively to walk the folder tree
    Get-ChildItem -Directory -LiteralPath $path | foreach {
        Get-NonInheritedACLs $_.FullName
    }
}

Write-Host "Starting at path $startPath"
# include inherited permissions at the starting point
# (written to $global:results so they are exported even when this runs from a saved script file)
(Get-Acl -LiteralPath $startPath).Access | where IsInherited | foreach {
    $global:results += [PSCustomObject][ordered]@{
        Path              = $startPath
        AccessControlType = $_.AccessControlType
        FileSystemRights  = $_.FileSystemRights
        IdentityReference = $_.IdentityReference
        InheritanceFlags  = $_.InheritanceFlags
        PropagationFlags  = $_.PropagationFlags
    }
}

Get-NonInheritedACLs $startPath

# if the script is not first saved, $PSScriptRoot will equal an empty string, so use the current path.
$outputDir = if ($PSScriptRoot) { $PSScriptRoot } else { "." }
# output results - remove characters from the path that would result in an invalid file name
$csvName = "$($startPath.Replace('\','-').Replace(':',''))-permissions.csv"
$global:results | Export-Csv (Join-Path $outputDir $csvName) -NoTypeInformation