So essentially I have the below script which generates output like the following for NTFS:

Folder Path  IdentityReference  AccessControlType  IsInherited  InheritanceFlags  PropagationFlags
E:\Folder\   DOMAIN\User1       Allow              True/False   ContainerInherit  Object Inherit
E:\Folder\   DOMAIN\User2       Deny               True/False   ContainerInherit  Object Inherit

Although this is useful, it would be even better if instead of just Allow/Deny I could get an output which indicates Read/Write/Modify/FullControl flags.
See my below code, any ideas are appreciated!
$OutFile = "C:\Permissions.csv"
$Header = "Folder Path,IdentityReference,AccessControlType,IsInherited,InheritanceFlags,PropagationFlags"
# Remove any previous report; skip the delete when the file does not exist yet
if (Test-Path $OutFile) { Del $OutFile }
Add-Content -Value $Header -Path $OutFile
$RootPath = "E:\Folder"
# Every subfolder below the root
$Folders = dir $RootPath -recurse | where {$_.psiscontainer -eq $true}
foreach ($Folder in $Folders){
    # One CSV row per access control entry (ACE) on the folder
    $ACLs = get-acl $Folder.fullname | ForEach-Object { $_.Access }
    Foreach ($ACL in $ACLs){
        # The flag columns can hold comma-separated values, so they are quoted
        $OutInfo = $Folder.Fullname + "," + $ACL.IdentityReference + "," + $ACL.AccessControlType + "," + $ACL.IsInherited + ',"' + $ACL.InheritanceFlags + '","' + $ACL.PropagationFlags + '"'
        Add-Content -Value $OutInfo -Path $OutFile
    }
}
The property you're looking for is $ACL.FileSystemRights.
$Header = "Folder Path,IdentityReference,AccessControlType,IsInherited," +
          "InheritanceFlags,PropagationFlags,FileSystemRights"
#...
# Flag-type columns can hold comma-separated values, so they are quoted
$OutInfo = $Folder.Fullname + "," + $ACL.IdentityReference + "," +
           $ACL.AccessControlType + "," + $ACL.IsInherited + ',"' +
           $ACL.InheritanceFlags + '","' + $ACL.PropagationFlags + '","' +
           $ACL.FileSystemRights + '"'
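
An added example, not part of the original answer: it reduces each ACE's FileSystemRights mask to the Read/Write/Modify/FullControl label the question asks for, including the generic-rights bits that otherwise appear as bare numbers, and writes the rows with Export-Csv so comma-separated flag values stay in one column. Get-RightsLabel is a hypothetical helper name; the paths are the ones from the question.

```powershell
# Added example; Get-RightsLabel is a hypothetical helper, not a built-in cmdlet.
function Get-RightsLabel {
    param([int]$Mask)   # pass [int]$ace.FileSystemRights

    $fsr = [System.Security.AccessControl.FileSystemRights]

    # ACEs written with generic rights carry only the high bits; fold them
    # into the file-specific bits before comparing.
    if ($Mask -band 0x10000000)      { $Mask = $Mask -bor [int]$fsr::FullControl }  # GENERIC_ALL
    if ($Mask -band [int]::MinValue) { $Mask = $Mask -bor [int]$fsr::Read }         # GENERIC_READ (0x80000000)
    if ($Mask -band 0x40000000)      { $Mask = $Mask -bor [int]$fsr::Write }        # GENERIC_WRITE
    if ($Mask -band 0x20000000)      { $Mask = $Mask -bor [int]$fsr::ExecuteFile }  # GENERIC_EXECUTE

    $full   = [int]$fsr::FullControl
    $modify = [int]$fsr::Modify
    $rx     = [int]$fsr::ReadAndExecute
    $read   = [int]$fsr::Read
    $write  = [int]$fsr::Write

    # A level counts only when every one of its bits is present.
    if (($Mask -band $full)   -eq $full)   { return 'FullControl' }
    if (($Mask -band $modify) -eq $modify) { return 'Modify' }

    $parts = @()
    if     (($Mask -band $rx)   -eq $rx)   { $parts += 'ReadAndExecute' }
    elseif (($Mask -band $read) -eq $read) { $parts += 'Read' }
    if     (($Mask -band $write) -eq $write) { $parts += 'Write' }

    if ($parts.Count -eq 0) { return 'Special' }   # e.g. Synchronize or Delete only
    return ($parts -join '+')
}

$RootPath = 'E:\Folder'            # path from the question
$OutFile  = 'C:\Permissions.csv'   # path from the question

# -Directory needs PowerShell 3.0 or later.
Get-ChildItem -Path $RootPath -Recurse -Directory | ForEach-Object {
    $folder = $_
    foreach ($ace in (Get-Acl -LiteralPath $folder.FullName).Access) {
        [pscustomobject]@{
            'Folder Path'     = $folder.FullName
            IdentityReference = $ace.IdentityReference
            AccessControlType = $ace.AccessControlType
            Rights            = Get-RightsLabel ([int]$ace.FileSystemRights)
            FileSystemRights  = $ace.FileSystemRights
            IsInherited       = $ace.IsInherited
            InheritanceFlags  = $ace.InheritanceFlags
            PropagationFlags  = $ace.PropagationFlags
        }
    }
} | Export-Csv -Path $OutFile -NoTypeInformation   # quotes every field
```

Each label describes a single ACE and has to be read together with its AccessControlType column. It is not the account's effective access, which also depends on Deny entries and group membership.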