Can't get inheritfrom folder name

  • Question

  • Hi everyone!

    I need your help with a script I'm building that prints the same ACL that the Windows GUI shows in the Security tab.
    The thing is that I have a scenario where the script doesn't show the "inherited from" directory.

    I have found an example where a child directory has an applyTo of "This folder and subfolders", but its parent has "This folder, subfolders and files". And that's why I get no "inherited from".
    But the Windows GUI Security tab shows the "inherited from".
    Here is the example, and below it the script.

    I will appreciate any help, because I've read a lot and tried everything to find a solution, but I haven't found it yet.

    Thanks a lot in advance!!

    Example: 

    Parent Directory: 

    Child Directory:

    Script

    function get-FindInheritedLocal{

        [CmdLetBinding()]
        param(
            [Parameter(Mandatory=$true)][String]$directory,
            [Parameter(Mandatory=$true)][System.Security.AccessControl.FileSystemAccessRule]$user
        )

        BEGIN{
            # I get for only the first time the acl of the user i give as parameter and the directory
            $acc=(get-acl (split-path -Path $directory -Parent)).Access | ? {$_.IdentityReference -eq $user.IdentityReference`
            -and $_.AccessControlType -eq $user.AccessControlType -and $_.InheritanceFlags`
            -eq $user.InheritanceFlags -and $_.FileSystemRights -eq $user.FileSystemRights`
            -and $_.PropagationFlags -eq $user.PropagationFlags}
        }

        PROCESS{
            # While is inherited and it has a parent folder
            while ($acc.IsInherited -eq $true -and (Split-Path -Path $directory -Parent)){

                # I assign to $directory, the parent directory
                $directory=Split-Path -Path $directory -Parent

                # Brings the acl of the user
                $acc=(get-acl -Path $directory).Access | ? {$_.IdentityReference -eq $user.IdentityReference`
                -and $_.AccessControlType -eq $user.AccessControlType -and $_.InheritanceFlags`
                -eq $user.InheritanceFlags -and $_.FileSystemRights -eq $user.FileSystemRights`
                -and $_.PropagationFlags -eq $user.PropagationFlags}

                # If it is not inherited, it found the parent where it inherited from
                if($a=$acc | ? {$_.isinherited -eq $false}){
                    $prop = @{
                        Path=$directory
                        Permission=$a.FileSystemRights
                        Identity=$a.IdentityReference
                    }
                    $entity = New-Object -TypeName psobject -Property $prop
                    return $entity
                }
            }
        }

        END{}
    }




    • Edited by Octavio J Tuesday, November 28, 2017 1:13 AM
    Tuesday, November 28, 2017 12:28 AM

Answers

  • Hello there, it's better late than never :)

    I've solved the issue I had with some directories that inherit from.

    So here I post the cmdlet I've created, and I hope it helps anyone who needs it.

    Thanks everyone there!!

    <#
    .SYNOPSIS
        Brings the parent folder that initiates the inheritance to its subfolders
    .DESCRIPTION
        From the folder that I pass as a parameter, it brings the permissions of the parent folder from which it inherits.
    .PARAMETER Directory
        Accepts a string containing an existing directory
    .PARAMETER User
        Accepts an access control type user.
        The one you obtain with (get-acl path).access
    .NOTES
        File Name      : get-FindInheritedLocal.ps1
        Author         : Octavio Ricci (octavioricci@gmail.com)
        Prerequisite   : PowerShell V2 and upper.
        Copyright 2017 - Octavio Ricci
    .EXAMPLE
        This example queries the permissions of the parent folder of the inherited directory and user input

        1.  First, you must get the user/group whose ACL you want to find and where it inherits from
            $user = (get-acl C:\Temp\carpeta2\Subcarpeta2\SubSubCarpeta2\SubSubSubCarpeta2).access
            Suppose the user/group is in the first record ($user[0])

        2.  Then I execute the cmdlet passing the directory and the user
            get-FindInheritedLocal C:\Temp\carpeta2\Subcarpeta2\SubSubCarpeta2\SubSubSubCarpeta2 -user $user[0]

        3.  The result will show the main folder where the permission inherits from
    .LINK
        help get-FindInheritedLocal
    #>
    
    function get-FindInheritedLocal{
    
        [CmdLetBinding()]
        param(
            [Parameter(Mandatory=$true)][String]$directory,
            [Parameter(Mandatory=$true)][System.Security.AccessControl.FileSystemAccessRule]$user   
            
        )
    
        BEGIN{}
    
        PROCESS{
    		
            # This loop will continue while a parent folder exists, until it finds the folder where the
            # permission starts.
            while ((Split-Path -Path $directory -Parent)){

                $directory=Split-Path -Path $directory -Parent

                # I need the immediate parent folder of the folder I passed by parameter and its ACL.
                $acc=(get-acl -Path $directory).Access | ? {$_.IdentityReference -eq $user.IdentityReference`
                -and $_.AccessControlType -eq $user.AccessControlType -and $_.InheritanceFlags`
                -eq $user.InheritanceFlags -and $_.PropagationFlags -eq $user.PropagationFlags`
                -and $_.FileSystemRights -eq $user.FileSystemRights }

                <# If the folder I passed doesn't inherit the permission, it finishes (because it has found the parent folder).
                The if condition validates two things:
                If it is not inherited, it understands that it has found the parent folder.
                If $acc is null or empty, it could happen that the parent folder that the folder (passed by
                parameter) inherits from doesn't have exactly the same ACL as its children.
                That is why, despite this difference, it is taken as inheriting from the parent folder.
                #>
                if( ($a=$acc | ? {$_.isinherited -eq $false}) -or ([string]::IsNullOrEmpty($acc)) ){

                    $prop = @{  Path=$directory
                                Permission=$user.FileSystemRights
                                Identity=$user.IdentityReference
                             }
                    $entity = New-Object -TypeName psobject -Property $prop
                    return $entity
                } ## IF

            } ## WHILE
    
             
        } ## PROCESS
    
        END{}
    
    }




    • Edited by Octavio J Tuesday, January 30, 2018 4:34 PM
    • Marked as answer by Octavio J Tuesday, January 30, 2018 4:34 PM
    Tuesday, January 30, 2018 4:30 PM
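
An added example, not part of the original post and not the author's cmdlet: a variant of the upward walk that handles the mismatch found in this thread, where the inherited copy of an ACE on the child carries different "applies to" flags than the ACE declared on the ancestor. It matches on identity, allow/deny type and rights only, requires the ancestor's ACE to be explicit and to propagate to subfolders, and stops at a folder with inheritance disabled. The name `Find-AceInheritanceSource` and the equal-rights match are assumptions of this example, so treat the result as a heuristic.

```powershell
# Added example: Find-AceInheritanceSource is a hypothetical name, not from the thread.
function Find-AceInheritanceSource {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$true)][string]$Directory,
        [Parameter(Mandatory=$true)][System.Security.AccessControl.FileSystemAccessRule]$Rule
    )

    # An explicit ACE is declared on the folder itself, so there is nothing to trace.
    if (-not $Rule.IsInherited) {
        return [pscustomobject]@{
            Path       = $Directory
            Identity   = $Rule.IdentityReference
            Permission = $Rule.FileSystemRights
        }
    }

    $containerInherit = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit
    $noPropagate      = [System.Security.AccessControl.PropagationFlags]::NoPropagateInherit
    $depth  = 0
    $parent = Split-Path -Path $Directory -Parent

    while ($parent) {
        $depth++
        $acl = Get-Acl -Path $parent

        # Assumption: the source ACE is explicit on the ancestor, names the same identity,
        # type and rights, and propagates to subfolders. Its flags are NOT compared with the
        # child's, because the inherited copy can carry different flags. An ACE marked
        # NoPropagateInherit reaches direct children only, hence the depth check.
        $source = $acl.Access | Where-Object {
            (-not $_.IsInherited) -and
            ($_.IdentityReference.Value -eq $Rule.IdentityReference.Value) -and
            ($_.AccessControlType -eq $Rule.AccessControlType) -and
            ($_.FileSystemRights -eq $Rule.FileSystemRights) -and
            ($_.InheritanceFlags -band $containerInherit) -and
            ($depth -eq 1 -or -not ($_.PropagationFlags -band $noPropagate))
        } | Select-Object -First 1

        if ($source) {
            return [pscustomobject]@{
                Path       = $parent
                Identity   = $source.IdentityReference
                Permission = $source.FileSystemRights
                AppliesTo  = "$($source.InheritanceFlags) / $($source.PropagationFlags)"
            }
        }

        # A folder with inheritance disabled takes nothing from above, so stop here.
        if ($acl.AreAccessRulesProtected) { break }
        $parent = Split-Path -Path $parent -Parent
    }

    Write-Warning "No explicit ACE for $($Rule.IdentityReference) found above $Directory"
}

# Usage with the folder named in the thread:
# $rule = (Get-Acl C:\Temp\carpeta3\subCarpeta3).Access | Where-Object IsInherited | Select-Object -First 1
# Find-AceInheritanceSource -Directory C:\Temp\carpeta3\subCarpeta3 -Rule $rule
```

Unlike the accepted cmdlet, this returns nothing (with a warning) when no ancestor declares a matching ACE, instead of reporting the first parent that lacks one.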

All replies

  • (get-item d:\scripts).Parent

    \_(ツ)_/

    Tuesday, November 28, 2017 1:03 AM
  • Hello jrv, thanks for the response.
    I use "$directory=Split-Path -Path $directory -Parent" to traverse from child to parent to find which
    is the parent folder that this child inherits from.



    Tuesday, November 28, 2017 1:16 AM
  • Why must you make things so hard? Any folder object has a "parent"; that is what it is there for.


    \_(ツ)_/

    Tuesday, November 28, 2017 1:19 AM
  • I know what you mean.

    My problem is not to try to find which is the parent folder, but to find who is the parent of the one who inherits.

    In my example, execute get-FindInheritedLocal -directory c:\temp\carpeta3\subCarpeta3 -user "username"

    And I must receive a register with:
    Path=c:\temp
    Permission="permissions of c:\temp of the user I pass as a parameter"
    Identity="The user I pass as a parameter"


    I know the parent is c:\temp, and the child who inherits from this parent is c:\temp\carpeta3\subCarpeta3.

    When I execute my script, it can't find and print the parent (in this case c:\temp).

    The script is supposed to print the folder, systemrights and identityreference of the parent folder of the directory I pass as a parameter.


    Tuesday, November 28, 2017 2:44 AM
  • You would have to walk backwards through the inheritance chain to find the root node that declares the ACE.


    \_(ツ)_/

    Tuesday, November 28, 2017 3:44 AM
  • Yeap, that is what the script does. But in some cases it doesn't print the root ACE where the child inherits from.
    With this line, "while ($acc.IsInherited -eq $true -and (Split-Path -Path $directory -Parent)){....",
    it walks backwards until it finds the parent that has the original ACE.


    Tuesday, November 28, 2017 4:19 AM
  • The root has no parent.

    (get-item (get-acl d:\test\test.zip).Path).Directory.Parent

    PS D:\> (get-item (get-acl d:\test\test.zip).Path).Directory|select root,name
    
    Root Name
    ---- ----
    D:\  test
    
    
    PS D:\> (get-item (get-acl d:\test.zip).Path).Directory|select root,name
    
    Root Name
    ---- ----
    D:\  D:\
    


    \_(ツ)_/

    • Proposed as answer by PRASOON KARUNAN V Tuesday, November 28, 2017 3:31 PM
    • Unproposed as answer by Octavio J Tuesday, November 28, 2017 5:11 PM
    Tuesday, November 28, 2017 8:37 AM
  • Debugging the script, I've found the problem:
    When I walk backwards from child to parent, "Subcarpeta3 -> Carpeta3 -> Temp -> c:\", in the while loop, when it reaches the "temp" folder

        while ($acc.IsInherited -eq $true -and (Split-Path -Path $directory -Parent)){

            $directory=Split-Path -Path $directory -Parent

            $acc=(get-acl -Path $directory).Access | ? {$_.IdentityReference -eq $user.IdentityReference`
            -and $_.AccessControlType -eq $user.AccessControlType -and $_.InheritanceFlags`
            -eq $user.InheritanceFlags -and $_.FileSystemRights -eq $user.FileSystemRights`
            -and $_.PropagationFlags -eq $user.PropagationFlags}


    which is supposed to be the parent from which subcarpeta3 inherits (as is shown in the image), the $acc variable is supposed to store the ACE.

    But $acc doesn't find anything, and I think the KEY is here:
    $acc doesn't store anything because the parent folder "c:\temp" has the ACE "this folder, subfolders and files"

    And the inherited child "subCarpeta3" has the ACE "this folder and subfolders".
    So, it will never find the parent where the child inherits from.

    But I have no clue about how to solve this.


    Tuesday, November 28, 2017 2:30 PM
  • Hi,

    I'm checking how the issue is going. Was your issue resolved?

    If the replies above are helpful, we would appreciate it if you mark them as answers, and if you resolve it using your own solution, please share your experience and solution here. It will be greatly helpful to others who have the same question.

    I appreciate your feedback.

    Best Regards,
    Albert Ling

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, November 29, 2017 9:48 AM
  • Hi Albert, sadly my issue has not been resolved. I'm trying to find the solution, reading and asking in different places, but without luck yet.
    Wednesday, November 29, 2017 6:07 PM
  • Hi,

    Based on my research, I suppose a folder inherits from the closest folder which has disabled inheritance. For example: there is a folder D:\F1\F2\F3\F4\F5; if F1 and F3 have disabled inheritance, then F2 inherits from F1 and F5 inherits from F3. In this case, I recommend you try to find the "Inherited From" folder by looping through the specific folder's parent, parent's parent, until you find the folder which has disabled inheritance; then that folder may be the target.

    If you need further help, please feel free to let us know.

    Best Regards,
    Albert Ling

    Thursday, November 30, 2017 9:40 AM
  • Hi,

    Just checking in to see if the information provided was helpful.

    Please let us know if you would like further assistance.

    Best Regards,
    Albert Ling

    Monday, December 4, 2017 8:58 AM
  • Hello Albert,

    Let me try it and I'll tell you.

    Thank you Albert.

    Monday, December 4, 2017 2:05 PM
  • Hi,

    I appreciate your feedback. And if you have any updates during this process, please feel free to let me know.

    Best Regards,
    Albert Ling

    Tuesday, December 5, 2017 5:49 AM
  • Hi,

    Just want to confirm the current situation. Please let us know if you would like further assistance.

    Best Regards,
    Albert

    Thursday, December 7, 2017 10:11 AM
  • Hi,

    I am checking how the issue is going, if you still have any questions, please feel free to contact us.

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.
    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.
    If no, please reply and tell us the current situation in order to provide further help.

    I appreciate your feedback.

    Best Regards,
    Albert

    Monday, December 11, 2017 10:45 AM