PowerShell Script to get the file permissions for directories and files in any path
PowerShell provides a wealth of information about the file system items. It is not always easy to get to however.
This PowerShell script will extract the following information about all files and directories in a path.
CreationTime, LastAccessTime, LastWriteTime, Path, Type, Owner, Group, Identity, Inherited, InheritanceFlags, PropagationFlags, AccessControlType, AccessMasks, Atrributes, Size
It returns this information as a PowerShell object so it can be exported to csv or xml easily.
Here are some examples of how it can be used:
.\get-files.ps1 .This command gets the files in the current directory and below.
.\get-files.ps1 d:\ | export-csv -notypeinformation files.csvThis command gets all the files on the d: drive and exports them to files.csv
type .\drives.txt | .\get-files.ps1 d:\ | export-csv -notypeinformation files.csvThis command gets the files from the drives contained in drives.txt (one per line) and exports them to files.csv
Here is a listing of the Win32 ACE (Access Control Entry) definition for directories -- bit flags
1 = LIST_DIRECTORY Grants the right to list the contents of the directory. 2 = ADD_FILE Grants the right to create a file in the directory. 4 = ADD_SUBDIRECTORY Grants the right to create a subdirectory. 8 = READ_EA Grants the right to read extended attributes. 16 = WRITE_EA Grants the right to write extended attributes. 32 = TRAVERSE The directory can be traversed. 64 = DELETE_CHILD Grants the right to delete a directory and all the files it contains (its children), even if the files are read-only. 128 = READ_ATTRIBUTES Grants the right to read file attributes. 256 = WRITE_ATTRIBUTES Grants the right to change file attributes. 65536 = DELETE Grants delete access. 131072 = READ_CONTROL Grants read access to the security descriptor and owner. 262144 = WRITE_DAC Grants write access to the discretionary access control list (ACL). 524288 = WRITE_OWNER Assigns the write owner. 1048576 = SYNCHRONIZE Synchronizes access and allows a process to wait for an object to enter the signaled state. 268435456 = FullControl Note there are other more complicated combinations for which there are no easy descriptions.
You can get this script here get-fileinfo.ps1