Finding Explicit Permissions

by Jan 5, 2015

All PowerShell versions

Typically, NTFS permissions in the file system are inherited. You can, however, add explicit permissions to files and folders.

To find out where inheritance was changed and direct security settings have been added, you can use this code sample:

Get-ChildItem -Path C:\Windows -Recurse -Directory -ErrorAction SilentlyContinue |
  Where-Object {
    # Keep the folder if its ACL holds at least one explicit (non-inherited) entry
    (Get-Acl -LiteralPath $_.FullName -ErrorAction SilentlyContinue).Access |
      Where-Object { $_.IsInherited -eq $false }
  }

In this example, Get-ChildItem searches for folders inside the Windows folder. Change "C:\Windows" to any folder path you want to examine.

Then, the script reads the security descriptor of each folder and checks whether any of its access control entries has the property IsInherited set to $false.

If so, the folder is reported back to you.
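The one-liner above returns only the folders. As an added example (not part of the original tip), the following function lists each explicit access control entry together with the account and rights it grants, and flags folders where inheritance has been switched off entirely. The function name Get-ExplicitAce and the output property names are assumptions chosen for this illustration.

```powershell
# Added example: report every explicit (non-inherited) ACE below a folder.
# Get-ExplicitAce is a hypothetical helper name, not a built-in cmdlet.
function Get-ExplicitAce {
    param(
        [Parameter(Mandatory)]
        [string]$Root
    )

    Get-ChildItem -LiteralPath $Root -Recurse -Directory -ErrorAction SilentlyContinue |
        ForEach-Object {
            $folder = $_.FullName

            # Get-Acl fails on folders the current user may not read; skip those
            $acl = Get-Acl -LiteralPath $folder -ErrorAction SilentlyContinue
            if ($null -eq $acl) { return }

            $acl.Access |
                Where-Object { -not $_.IsInherited } |
                ForEach-Object {
                    [PSCustomObject]@{
                        Folder              = $folder
                        Identity            = $_.IdentityReference.Value
                        Type                = $_.AccessControlType   # Allow or Deny
                        Rights              = $_.FileSystemRights
                        # True when the folder blocks inherited entries altogether
                        InheritanceDisabled = $acl.AreAccessRulesProtected
                    }
                }
        }
}

# Same starting folder as the tip; change it to the path you want to audit
Get-ExplicitAce -Root 'C:\Windows' |
    Sort-Object Folder, Identity |
    Format-Table -AutoSize
```

Replace Format-Table with Export-Csv to keep a baseline that later runs can be compared against.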
