Hello everyone, I need your help regarding a script I'm building that prints the same ACL that the Windows GUI shows in the security tab.
The thing is, I have a scenario where the script doesn't show the "inherited from" directory.
I have found an example where a child directory has an "applies to" of "This folder and subfolders", but its parent has "This folder, subfolders and files". And that's why I get no "inherited from".
But the Windows GUI security tab does show the "inherited from".
Here is the example, and below it the script.
I will appreciate any help, because I've read a lot and tried everything to find a solution but I haven't found it yet.
Example:
Parent Directory: c:\temp
Child Directory: c:\temp\carpeta3\subCarpeta3 (that inherits from c:\temp)
Here is my script (sorry about my English):
function get-FindInheritedLocal {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$true)][String]$directory,
        [Parameter(Mandatory=$true)][System.Security.AccessControl.FileSystemAccessRule]$user
    )
    BEGIN {
        ## Only once: get the ACE on the parent of $directory that matches the rule passed as $user
        ## (same identity, access type, inheritance flags, rights and propagation flags)
        $acc = (Get-Acl (Split-Path -Path $directory -Parent)).Access | Where-Object {
            $_.IdentityReference -eq $user.IdentityReference -and
            $_.AccessControlType -eq $user.AccessControlType -and
            $_.InheritanceFlags -eq $user.InheritanceFlags -and
            $_.FileSystemRights -eq $user.FileSystemRights -and
            $_.PropagationFlags -eq $user.PropagationFlags
        }
    }
    PROCESS {
        # While the ACE is inherited and there is still a parent folder
        while ($acc.IsInherited -eq $true -and (Split-Path -Path $directory -Parent)) {
            # Move $directory one level up, to the parent directory
            $directory = Split-Path -Path $directory -Parent
            ## Get the ACE of that folder for the same user (same comparison as in BEGIN)
            $acc = (Get-Acl -Path $directory).Access | Where-Object {
                $_.IdentityReference -eq $user.IdentityReference -and
                $_.AccessControlType -eq $user.AccessControlType -and
                $_.InheritanceFlags -eq $user.InheritanceFlags -and
                $_.FileSystemRights -eq $user.FileSystemRights -and
                $_.PropagationFlags -eq $user.PropagationFlags
            }
            # If the ACE is not inherited, this is the parent it inherited from
            if ($a = $acc | Where-Object { $_.IsInherited -eq $false }) {
                $prop = @{
                    Path       = $directory
                    Permission = $a.FileSystemRights
                    Identity   = $a.IdentityReference
                }
                $entity = New-Object -TypeName psobject -Property $prop
                return $entity
            }
        }
    }
    END {}
}
Looks like you've done a bit of work here, but you do know there is a module to help with this sort of thing.
Find-Module -Name 'ntfs' | Format-Table -AutoSize
Version  Name                     Repository  Description
4.2.3    NTFSSecurity             PSGallery   Windows PowerShell Module for managing file and folder security on NTFS volumes
1.3.0    cNtfsAccessControl       PSGallery   The cNtfsAccessControl module contains DSC resources for NTFS access control management.
1.0      NTFSPermissionMigration  PSGallery   This module is used as a wrapper to the popular icacls utility to save permissions to a file and then resto…
See these two articles:
Weekend Scripter: Use PowerShell to Get, Add, and Remove NTFS Permissions
This post introduces the NTFSSecurity module, which provides a bunch of cmdlets for managing permissions on NTFS drives.
‘Weekend Scripter: Use PowerShell to Get, Add, and Remove NTFS Permissions - Scripting Blog’
Weekend Scripter: Manage NTFS Inheritance and Use Privileges
Determine inheritance settings
To determine if a file or folder inherits from its parent, use the Get-NTFSAccessInheritance cmdlet (there is also a Get-NTFSAuditInheritance cmdlet). There are two ways to specify the file or folder: You can use the Path parameter or pipe the file or folder object to Get-NTFSAccessInheritance:
‘Weekend Scripter: Manage NTFS Inheritance and Use Privileges - Scripting Blog’
Thanks mate. I've found it before, but I want to create mine so I can then make changes and modify the output.
I think I'm very close, but maybe I am wrong in the way I search for the parent that the child is inheriting from.
Is there a way to view the source code of Get-NTFSAccessInheritance? Maybe looking in there will give me a clue to solve it.
Debugging the script, I've found the problem:
When I walk backwards from child to parent, "Subcarpeta3 -> Carpeta3 -> Temp -> c:", in the while loop, when it reaches the "temp" folder,
while ($acc.IsInherited -eq $true -and (Split-Path -Path $directory -Parent)) {
    $directory = Split-Path -Path $directory -Parent
    $acc = (Get-Acl -Path $directory).Access | Where-Object {
        $_.IdentityReference -eq $user.IdentityReference -and
        $_.AccessControlType -eq $user.AccessControlType -and
        $_.InheritanceFlags -eq $user.InheritanceFlags -and
        $_.FileSystemRights -eq $user.FileSystemRights -and
        $_.PropagationFlags -eq $user.PropagationFlags
    }
which is supposed to be the parent from which subcarpeta3 inherits (as it shows in the image), the $acc variable is supposed to store the ACE.
But $acc doesn't find anything, and I think the KEY is here:
$acc doesn't store anything because the parent folder "c:\temp" has the ACE "this folder, subfolders and files",
and the inherited child "subCarpeta3" has the ACE "this folder and subfolders".
So it will never find the parent the child inherits from.
But I don't have any clue about how to solve this.
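The post above pins the failure on the comparison of InheritanceFlags and PropagationFlags: the inherited ACE on the child carries different flags than the explicit ACE on the parent, so an equality match on all five properties never finds the source. The function below is an added example, not the original poster's script and not part of the NTFSSecurity module. It walks up the tree and matches an inherited ACE to an explicit ancestor ACE on identity, access type and rights only, ignoring the inheritance and propagation flags, and then reports the "Inherited from" column the way the security tab does. The function name, the parameter names and the path C:\temp\carpeta3\subCarpeta3 in the usage section are assumptions taken from this thread's example.

```powershell
function Find-AceInheritanceSource {
    # Added example (not the poster's code). Walks up from $Path and returns the nearest
    # ancestor that holds an explicit (non-inherited) ACE matching $Ace on identity,
    # access type and rights. Inheritance/propagation flags are deliberately NOT compared,
    # because that is the comparison that fails in the scenario described in the thread.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][System.Security.AccessControl.FileSystemAccessRule]$Ace
    )

    # An explicit ACE has no source above it; report the object itself.
    if (-not $Ace.IsInherited) {
        return [pscustomobject]@{
            Path          = $Path
            Identity      = $Ace.IdentityReference
            Rights        = $Ace.FileSystemRights
            InheritedFrom = 'None'
        }
    }

    $current = Split-Path -Path $Path -Parent
    while ($current) {
        $explicit = (Get-Acl -Path $current).Access | Where-Object {
            -not $_.IsInherited -and
            $_.IdentityReference -eq $Ace.IdentityReference -and
            $_.AccessControlType -eq $Ace.AccessControlType -and
            $_.FileSystemRights -eq $Ace.FileSystemRights -and
            # The source ACE must at least be set to flow down to subfolders;
            # "This folder only" ACEs cannot be the origin of an inherited entry.
            $_.InheritanceFlags.HasFlag([System.Security.AccessControl.InheritanceFlags]::ContainerInherit)
        }
        if ($explicit) {
            return [pscustomobject]@{
                Path          = $Path
                Identity      = $Ace.IdentityReference
                Rights        = $Ace.FileSystemRights
                InheritedFrom = $current
            }
        }
        # Split-Path returns an empty string at the drive root, which ends the loop.
        $current = Split-Path -Path $current -Parent
    }

    # No explicit ancestor ACE matched (e.g. the ACE was inherited from a parent that no
    # longer has it, or the drive root is reached); surface that instead of silently failing.
    return [pscustomobject]@{
        Path          = $Path
        Identity      = $Ace.IdentityReference
        Rights        = $Ace.FileSystemRights
        InheritedFrom = '(not found)'
    }
}

function Get-AclLikeSecurityTab {
    # Added example: one row per ACE, similar to the columns of the GUI security tab.
    [CmdletBinding()]
    param([Parameter(Mandatory = $true)][string]$Path)

    (Get-Acl -Path $Path).Access | ForEach-Object {
        $source = Find-AceInheritanceSource -Path $Path -Ace $_
        [pscustomobject]@{
            Identity      = $_.IdentityReference
            Type          = $_.AccessControlType
            Rights        = $_.FileSystemRights
            AppliesTo     = "$($_.InheritanceFlags) / $($_.PropagationFlags)"
            InheritedFrom = $source.InheritedFrom
        }
    }
}

# Usage, assuming the thread's layout (C:\temp holding an explicit ACE that flows down):
Get-AclLikeSecurityTab -Path 'C:\temp\carpeta3\subCarpeta3' | Format-Table -AutoSize
```

Matching on identity, type and rights is enough to locate the folder the GUI names, because the flags on an inherited ACE describe how it continues to propagate from the child, not how it was defined on the source. If two ancestors carry identical explicit ACEs for the same identity, the nearest one wins, which is also what the security tab reports.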
As for…
'Is there a way to view the source code of Get-NTFSAccessInheritance?'
As long as it is not obfuscated, sure.
For example, to view some of the default PowerShell functions in the PowerShell ISE, you could do this:
${function:Clear-Host} | Out-String | Out-GridView
Or
${function:Clear-Host} | clip # to paste into the ISE, VSCode or your editor of choice to review
For a full source decompile, you are looking at leveraging things like the following:
Net Reflector
‘.NET Decompiler: Decompile Any .NET Code | .NET Reflector’
Example: ‘nivot.org/post/2008/10/30/ATrickToJumpDirectlyToACmdletsImplementationInReflector’
ILSpy
‘wiki.sharpdevelop.net/ILSpy.ashx’
dotPeek
‘dotPeek: Free .NET Decompiler & Assembly Browser by JetBrains’
JustDecompile
‘JustDecompile .NET Assembly Decompiler & Browser - Telerik’
DisSharper
‘netdecompiler.com’
Mono Cecil
‘Redirecting…’
Kaliro
‘Kaliro’
Dotnet IL Editor (DILE)
‘Dotnet IL Editor download | SourceForge.net’
Common Compiler Infrastructure
‘cciast.codeplex.com’
Thanks Postanote for the tools.
I've used 'Net Reflector', but I have seen that ILSpy is better, and also, it's free!!! (thanks for that).
Hello postanote, I've read the source in ILSpy, but it's in C#.
I was hoping I could do it with a PowerShell script, and I think I'm so close.