How to Make a Report on Folder Permissions on a Certain Share

Because many compliance regulations demand that only authorized users have access to sensitive data, IT administrators need to ensure proper file server structure on file shares that host critical data and also stay abreast of who has access to what information on those file shares. By monitoring how permissions to this data are changing, they can ensure that employees don’t have access to files that they don’t need for their jobs. Reporting on folder permissions makes it easier for IT admins to spot users with unnecessary access, so they can restrict permissions to minimize the risk of a data breach. 

1. Open PowerShell ISE.

2. Create a new script with the following code (Define “OutFile” and “RootPath” fields):

$OutFile = "C:\temp\Permissions1.csv" # Insert folder path where you want to save your file and its name
$Header = "Folder Path,IdentityReference,AccessControlType,IsInherited,InheritanceFlags,PropagationFlags"
$FileExist = Test-Path $OutFile 
If ($FileExist -eq $True) {Del $OutFile} 
Add-Content -Value $Header -Path $OutFile 
 
$RootPath = "\\server\share" # Insert your share path
 
$Folders = dir $RootPath -recurse | where {$_.psiscontainer -eq $true}
 
foreach ($Folder in $Folders){
    $ACLs = get-acl $Folder.fullname | ForEach-Object { $_.Access  }
    Foreach ($ACL in $ACLs){
    $OutInfo = $Folder.Fullname + "," + $ACL.IdentityReference  + "," + $ACL.AccessControlType + "," + $ACL.IsInherited + "," + $ACL.InheritanceFlags + "," + $ACL.PropagationFlags
    Add-Content -Value $OutInfo -Path $OutFile 
    }}

3. Run the script.

4. Open the file produced by the script in MS Excel.

5. Credits: Originally posted - https://www.netwrix.com/reporting_on_folder_permissions_on_certain_share.html