Soulless Rekkr

Reputation: 125

PowerShell Inheritance False

Trying to show only the folders where IsInherited is False.

My Code

$folder = "C:\TZTEST"
$aclentry = get-childitem $folder -recurse -force | get-acl | % {$_.Access}
$manypaths = get-childitem $folder -recurse -force
$aclentry | Format-Table

$newlist = @()

foreach ($onepath in $manypaths) {
    $acldata = $(get-childitem $folder -recurse -force | get-acl | % {$_.Access})
    $itemobject = New-Object -TypeName PSObject
    if ($onepath.Mode -match "d-----" -and $acldata.IsInherited -eq $false -and $acldata.PropagationFlags -eq "InheritOnly") {
        $itemobject | Add-Member -MemberType NoteProperty -Name "Location" -Value $onepath.FullName
        $itemobject | Add-Member -MemberType NoteProperty -Name "IsInherited" -Value $acldata.IsInherited
        $newlist += $itemobject
    }
}
$newlist

Works partially

When all folders under the targeted folder are inheriting permissions, it gives no output (correct).
When one or more folders are not inheriting permissions, the output shows all folders under the targeted folder (incorrect).

Folder Setup

Targeted Folder
|-Subfolder1
- Subfolder3
|-Subfolder2

Inheritance enabled on 2 of the 3 subfolders (Subfolder1, Subfolder2 enabled) (Subfolder3 disabled) (incorrect output) Folder Permission - Subfolder3 No Inherit

Inheritance enabled on all subfolders (correct output) Folder Permission - All Inherit (no output)

My Question

Is there some way to make only the folder that does not have inheritance enabled show in my output?

Thanks in advance for any help or insight you can provide.

Upvotes: 0

Views: 2946

Answers (1)

Ash

Reputation: 3246

I think you just want the output from folders where 'IsInherited' on all Access Control Entries is false. With that in mind, we just need to evaluate them as to whether they contain $true.

I have set a folder path up similar to your example and disabled inheritance on the bottom directory.

C:\Test\Test\NoInherit

# List only directories whose ACL contains no inherited access rules.
# PSIsContainer also matches directories that carry extra attributes (Hidden, ReadOnly, ...).
Get-ChildItem C:\Test -Recurse |
? { $_.PSIsContainer } |
? { (Get-Acl -Path $_.FullName).GetAccessRules($true,$true,[System.Security.Principal.NTAccount]).IsInherited -notcontains $true }

Upvotes: 1
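
Added example, not part of either post above: the answer's filter looks for folders with no inherited ACEs, while the function below reads the AreAccessRulesProtected flag, which .NET sets when inheritance is disabled on the folder itself, and lists the explicit rules left on each such folder. The function name Get-NonInheritingFolder is hypothetical; C:\TZTEST is the path from the question.

```powershell
# Added example: report directories under $Root whose DACL is protected
# (inheritance disabled), together with the explicit ACEs set on each.
# Get-NonInheritingFolder is a hypothetical name, not an existing cmdlet.
function Get-NonInheritingFolder {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Root
    )

    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer } |
        ForEach-Object {
            $path = $_.FullName
            try {
                $acl = Get-Acl -LiteralPath $path -ErrorAction Stop
            }
            catch {
                # An unreadable ACL is an audit finding in itself, so surface it.
                Write-Warning "Cannot read ACL on ${path}: $($_.Exception.Message)"
                return   # skip to the next folder in the pipeline
            }

            # True only when inheritance from the parent is switched off here.
            if ($acl.AreAccessRulesProtected) {
                # includeExplicit = $true, includeInherited = $false
                $explicit = $acl.GetAccessRules($true, $false,
                    [System.Security.Principal.NTAccount])

                [pscustomobject]@{
                    Location      = $path
                    Protected     = $true
                    Owner         = $acl.Owner
                    ExplicitRules = @($explicit | ForEach-Object {
                        '{0}:{1}:{2}' -f $_.IdentityReference,
                                         $_.AccessControlType,
                                         $_.FileSystemRights
                    }) -join '; '
                }
            }
        }
}

# Path taken from the question; replace with the tree to audit.
Get-NonInheritingFolder -Root 'C:\TZTEST' | Format-Table -AutoSize -Wrap
```

With the folder setup from the question, only Subfolder3 is returned, and the ExplicitRules column shows who still has access after inheritance was broken.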
