FUNctions: Episode IV, A New Folder Permission

Phew! These Star Wars themed titles are getting difficult to craft. Only five more to go!

TL;DR Check out GitHub

Ok, so imagine you’ve got a huge fileshare with delegated access to an untold amount of groups. You get lost in trying to track down who has access to what! That’s where this function comes in handy. Let’s break it down below:

Section 1 | The Breakdown

We are going to run a Get-ChildItem against a directory, but the cool part is we can distinguished how deep we want to go with the recursive indexing

$Folders = Get-ChildItem -Path $FolderPath -Depth $Depth -Recurse -Force

Next, we’ll start an array and capture the ACL properties of each folder. We are going to grab the following ACL properties to help us analyze who has access to what:

  1. Folder’s full path = .FullName
  2. Groupings/Users who have access = .IdentityReference
  3. Access Rights/Permissions = .FileSystemRights
  4. Whether permissions are inherited from the parent = .IsInherited
$OutputData = @()
foreach ($Folder in $Folders) {
    $Acl = Get-Acl -Path $Folder.FullName
    foreach ($Access in $Acl.Access) {
        $Properties = [ordered]@{
            "Folder Name" = $Folder.FullName
            "Group/User" = $Access.IdentityReference
            "Permissions" = $Access.FileSystemRights
            "Inherited" = $Access.IsInherited
        }
        $OutputData += New-Object -TypeName PSObject -Property $Properties

Now take that $OutputData and export it to a CSV so we can analyze it.

$OutputData | Export-Csv -Path "$($OutputPath)\FolderPermissionsExport-$(Get-Date -format yyyy-MM-dd).csv" -NoTypeInformation

Your output will look similar to this:

Now I can do the grunt work of fixing which group has access to what…. Or maybe I’ll automate that too?

Thanks for reading! I hope this briefing helps someone out when management asks for an audit of your fileshare permissions.

As always:

This project is provided “as is” without any warranty of any kind, express or implied. Use it at your own risk. The authors and contributors are not responsible for any damage, data loss, or other issues that may arise from using this software. You are solely responsible for any actions taken based on this code.