PowerShell: How to Get an NTFS Permissions Report

Auditing NTFS folder permissions is critical to data security. In an Active Directory and Windows Server environment, you can run a simple PowerShell script to get an NTFS permissions report for any share. The script provided above uses the Get-ACL cmdlet with the “recurse” option to dig down to subfolders and generate a report that lists all folders and their security permissions, whether assigned by group or directly.

1. Run Script

Open Powershell ISE. Run the following script adjusting “OutFile” and “RootPath” fields:

$OutFile = "C:\temp\Permissions1.csv" # Insert folder path where you want to save your file and its name
$Header = "Folder Path,IdentityReference,AccessControlType,IsInherited,InheritanceFlags,PropagationFlags"
$FileExist = Test-Path $OutFile 
If ($FileExist -eq $True) {Del $OutFile} 
Add-Content -Value $Header -Path $OutFile 
$RootPath = "\\server\share" # Insert your share path
$Folders = dir $RootPath -recurse | where {$_.psiscontainer -eq $true} foreach ($Folder in $Folders){
    $ACLs = get-acl $Folder.fullname | ForEach-Object { $_.Access  }
    Foreach ($ACL in $ACLs){
    $OutInfo = $Folder.Fullname + "," + $ACL.IdentityReference  + "," + $ACL.AccessControlType + "," + $ACL.IsInherited + "," + $ACL.InheritanceFlags + "," + $ACL.PropagationFlags
    Add-Content -Value $OutInfo -Path $OutFile 
    }}

2. Result

Open the file produced by the script in MS Excel.

https://img.netwrix.com/howtos/folder_permissions_on_a_certain_share_native.png

Credits: 

Originally posted at: 

https://www.netwrix.com/how_to_get_ntfs_permissions_report.html