Get-ACL advice

Word has got out in my office that I am the PowerShell guy and requests are coming in more frequently now.

Most recent request is that they would like a report of ALL folders that have the permission ‘Everyone’ assigned as an NTFS permission.

My immediate thought is to do something like this.

This is my rough draft

$Directories = get-childitem C:\utility -Directory -Recurse

foreach ($folder in $Directories)
    $acl = get-acl $folder.FullName
    foreach ($access in $acl.Access)
            if ($access.IdentityReference -eq 'Everyone')

However, some of these could be HUGE data servers this will run on and that first command is like doing a recursive dir at the root level and would take forever for that variable to populate.

Can anyone recommend an more expedient way to do this?

Not a job for PowerShell IMHO. Use AccessEnum from Sysinternals:

If I was not going out of town I will dig-in and really help. I have been meaning to create a function to do actually what you want. Here’s a few items that may get on the right \path

new seversget-smbshare maybe helpful

Look at the function/module I posted on powershell gallery (Find-SMBShare). If I wrote find-smbshare correctly the output maybe really useful, if not it will show you the cim-instance for finding shares on servers. Really old servers you can use wmi, which is still"win32-share"

You can get the local path of all the shares on a computer with the class win32_share

 get-ciminstance -classname win32_share

It seems like this may be how to limit searching the whole root of servers. Maybe find all non-admin shares, then get the acl of each one.

Good Luck.

These are not shares I am looking for. I am looking for all folders and subfolders that have the permission ‘everyone’ assigned to them. They may or may not be a share.

Maybe break it up in smaller pieces might speed things up.
But it kind of depends on how the directory tree i structured.


  1. on the initial path, don’t do a recursive lookup.
  2. Add another foreach loop before the current and then do a seperate directory lookup with recursive.

So basically you stagger the lookup one level rather than doing the whole lot in on go.
If the tree structure is really deep you probably are going to end up hitting the limit of 260 characters in the path for get-acl and get-childitem.