get-acl 'Inherited From'

This topic contains 1 reply, has 2 voices, and was last updated by Profile photo of Max Kozlov Max Kozlov 3 weeks ago.

  • Author
    Posts
  • #71933
    Profile photo of Aaron
    Aaron
    Participant

    I am trying to find for each ACE how to determine where it's permissions are inherited from. I cant seem to find the actual folder it is inherited from in get-acl...

    Here is a pic to better illustrate what i'm talking about...Image

  • #71987
    Profile photo of Max Kozlov
    Max Kozlov
    Participant

    You need to walk up the tree and find all not inherited permissions.
    and then analyze it
    something like that

    function Get-NotInheritedACL($Path) {
    	Get-Acl -Path $path |
    	 Select-Object -ExpandProperty Access |
    	 Where-Object { -Not $_.IsInherited } |
    	 Foreach-Object {
    		[PSCustomObject]@{
    			Path = $Path
    			Access = $_
    		}
    	}
    	$parent = Split-Path $Path
    	if ($parent) {
    		Get-NotInheritedACL $parent
    	}
    }
    
    Get-NotInheritedACL 'C:\Program Files\Common Files\Microsoft Shared\'
    

You must be logged in to reply to this topic.