get-acl 'Inherited From'

This topic contains 1 reply, has 2 voices, and was last updated by  Max Kozlov 2 months, 2 weeks ago.

  • Author
    Posts
  • #71933

    Aaron
    Participant

    I am trying to find for each ACE how to determine where it's permissions are inherited from. I cant seem to find the actual folder it is inherited from in get-acl...

    Here is a pic to better illustrate what i'm talking about...Image

  • #71987

    Max Kozlov
    Participant

    You need to walk up the tree and find all not inherited permissions.
    and then analyze it
    something like that

    function Get-NotInheritedACL($Path) {
    	Get-Acl -Path $path |
    	 Select-Object -ExpandProperty Access |
    	 Where-Object { -Not $_.IsInherited } |
    	 Foreach-Object {
    		[PSCustomObject]@{
    			Path = $Path
    			Access = $_
    		}
    	}
    	$parent = Split-Path $Path
    	if ($parent) {
    		Get-NotInheritedACL $parent
    	}
    }
    
    Get-NotInheritedACL 'C:\Program Files\Common Files\Microsoft Shared\'
    

You must be logged in to reply to this topic.