none
display the 'inherited from' field for folder permission using powershell

    Question

  • Hi,

    I've been tasked with finding all unnecessary permission doubleups on our folder structures and removing them in favour of inheriting permissions.  This is simple enough to create a code to look up permissions and cross reference and inherited permissions and if they are identical let me know.

    However I've run into a snag, some folders create two permissions one for the folder that is not inherited and then another that is inherited but when looking it up in the security tab advanced settings you'll notice the inherited from field is 'parent object' and not the folder path of the actual parent folder.  In these cases the permissions on the actual parent folder either do not exist or are not the same as the one listed with 'parent object'.  removing either on the sub folder completely removes the permissions.  When I've found over 200,000 instances many of which I suspect fall into this category I can't simply check each one without a script.

    Default access information is:


    (This is the Parent Object one)
    FileSystemRights : Modify, Synchronize
    AccessControlType : Allow
    IdentityReference : NT AUTHORITY\Authenticated Users
    IsInherited : True
    InheritanceFlags : ContainerInherit, ObjectInherit
    PropagationFlags : None

    (This is the straight to folder one)
    FileSystemRights : Modify, Synchronize
    AccessControlType : Allow
    IdentityReference : NT AUTHORITY\Authenticated Users
    IsInherited : False
    InheritanceFlags : ContainerInherit, ObjectInherit
    PropagationFlags : None

    I'm interested does anyone know a powershell code which will allow me to display the named field that it is inheriting the permissions from like the GUID display shows?


    • Edited by YogiJ Thursday, December 6, 2018 11:42 PM
    Thursday, December 6, 2018 11:38 PM

All replies