I am trying to find for each ACE how to determine where it’s permissions are inherited from. I cant seem to find the actual folder it is inherited from in get-acl…
Here is a pic to better illustrate what i’m talking about…Image
I am trying to find for each ACE how to determine where it’s permissions are inherited from. I cant seem to find the actual folder it is inherited from in get-acl…
Here is a pic to better illustrate what i’m talking about…Image
You need to walk up the tree and find all not inherited permissions.
and then analyze it
something like that
function Get-NotInheritedACL($Path) { Get-Acl -Path $path | Select-Object -ExpandProperty Access | Where-Object { -Not $_.IsInherited } | Foreach-Object { [PSCustomObject]@{ Path = $Path Access = $_ } } $parent = Split-Path $Path if ($parent) { Get-NotInheritedACL $parent } } Get-NotInheritedACL 'C:\Program Files\Common Files\Microsoft Shared\'