PowerShell: How to Get ACL share permissions for Folder
An Access Control List (ACL) is a list of permissions assigned to objects in a Microsoft environment. It defines which users have access to folders and files located on file servers and which actions they can perform on those objects: read, write, execute, modify or even full access. Setting permissions using the least-privilege model and monitoring them regularly is critical to data security in your Windows file system.
You can get ACL share permissions using the PowerShell Get-ACL cmdlet. But there’s an easier way to stay in control of your access control list configuration, with no PowerShell scripting or thinking about security descriptors.
1. Create script
Open the PowerShell ISE → Create a new script using the following code:
$path = "\\pdc\Shared\Accounting"   # path to the shared folder
$reportpath = "C:\data\ACL.csv"     # path to export the permissions report
# Scan for directories under the shared folder and get the ACL (permissions) for each of them
Get-ChildItem -Recurse $path | Where-Object { $_.PSIsContainer } | ForEach-Object {
    $path1 = $_.FullName   # folder whose ACL is being read
    # Tag every access rule with its folder path; the report column is named '.\Application Data'
    Get-Acl $path1 | ForEach-Object { $_.Access | Add-Member -MemberType NoteProperty '.\Application Data' -Value $path1 -PassThru }
} | Export-Csv $reportpath
2. Specify parameters and run script
Specify the path to the folder of interest and where the results should be saved.
Then run the script.
3. Review Result
Open the file produced by the script in Microsoft Excel.
https://img.netwrix.com/howtos/excel_file_produced_by_the_PS_script.png
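To go with step 3, here is an added example (not part of the original script) that filters the report for Allow entries giving broad groups write-capable rights, which is the least-privilege review the introduction calls for. The sample rows, the list of broad principals and the function names are assumptions constructed for illustration.

```powershell
# Constructed sample rows in the shape of the report produced by the script (not real data).
$sample = @'
"FileSystemRights","AccessControlType","IdentityReference","IsInherited","InheritanceFlags","PropagationFlags",".\Application Data"
"FullControl","Allow","BUILTIN\Administrators","True","ContainerInherit, ObjectInherit","None","\\pdc\Shared\Accounting\Invoices"
"Modify, Synchronize","Allow","Everyone","False","ContainerInherit, ObjectInherit","None","\\pdc\Shared\Accounting\Invoices"
"ReadAndExecute, Synchronize","Allow","BUILTIN\Users","True","ContainerInherit, ObjectInherit","None","\\pdc\Shared\Accounting\Payroll"
"268435456","Allow","NT AUTHORITY\Authenticated Users","False","ContainerInherit, ObjectInherit","InheritOnly","\\pdc\Shared\Accounting\Payroll"
"Write","Deny","Everyone","False","None","None","\\pdc\Shared\Accounting\Archive"
'@

# Principals treated as "broad" (assumed list; adjust to your environment).
$broadPattern = '^(Everyone|BUILTIN\\Users|NT AUTHORITY\\Authenticated Users|.+\\Domain Users)$'

function Test-WriteCapable {
    param([string]$Rights)
    $n = 0
    # Generic rights are exported as raw numbers (e.g. 268435456 = GENERIC_ALL); named rights as text.
    if (-not [int]::TryParse($Rights, [ref]$n)) {
        $n = [int][System.Security.AccessControl.FileSystemRights]$Rights
    }
    $fs = [System.Security.AccessControl.FileSystemRights]
    $mask = [int]($fs::Write -bor $fs::Delete -bor $fs::DeleteSubdirectoriesAndFiles -bor
                  $fs::ChangePermissions -bor $fs::TakeOwnership)
    # GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) also allow changes.
    $generic = 0x10000000 -bor 0x40000000
    return (($n -band ($mask -bor $generic)) -ne 0)
}

function Find-BroadWriteAccess {
    param([Parameter(Mandatory)] $Rows)
    $Rows | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference -match $broadPattern -and
        (Test-WriteCapable $_.FileSystemRights)
    } | Select-Object @{n = 'Folder'; e = { $_.'.\Application Data' }},
                      IdentityReference, FileSystemRights, IsInherited
}

# To check a real report instead of the sample: $rows = Import-Csv $reportpath
$rows = $sample | ConvertFrom-Csv
Find-BroadWriteAccess $rows | Format-Table -AutoSize
```

Rows where IsInherited is False are the ones set directly on that folder, so they are the place to start when removing excess access.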
Credits
Originally posted: https://www.netwrix.com/how_to_get_acl_for_a_folder.html