This quick script shows you if and where inheritance is deactivated. You can also set in the parameters how deep or how many levels inheritance is checked.
# Function to check inheritance up to the specified level
function Check-Inheritance {
param (
[string]$directoryPath,
[int]$currentLevel,
[int]$maxLevel
)
# Exit if current level exceeds max level
if ($currentLevel -gt $maxLevel) {
return
}
# Get the ACL of the directory
$acl = Get-Acl -Path $directoryPath
# Check if inheritance is disabled
if ($acl.AreAccessRulesProtected) {
Write-Output "$directoryPath - Inheritance is disabled"
} else {
#Write-Output "$directoryPath - Inheritance is enabled"
}
# Recursively check subdirectories if current level is less than max level
if ($currentLevel -lt $maxLevel) {
$subdirectories = Get-ChildItem -Path $directoryPath -Directory
foreach ($subdir in $subdirectories) {
Check-Inheritance -directoryPath $subdir.FullName -currentLevel ($currentLevel + 1) -maxLevel $maxLevel
}
}
}
# Function to check inheritance up to the specified level
function Check-Inheritance {
param (
[string]$directoryPath,
[int]$currentLevel,
[int]$maxLevel
)
# Exit if current level exceeds max level
if ($currentLevel -gt $maxLevel) {
return
}
# Get the ACL of the directory
$acl = Get-Acl -Path $directoryPath
# Check if inheritance is disabled
if ($acl.AreAccessRulesProtected) {
Write-Output "$directoryPath - Inheritance is disabled"
} else {
#Write-Output "$directoryPath - Inheritance is enabled"
}
# Recursively check subdirectories if current level is less than max level
if ($currentLevel -lt $maxLevel) {
$subdirectories = Get-ChildItem -Path $directoryPath -Directory
foreach ($subdir in $subdirectories) {
Check-Inheritance -directoryPath $subdir.FullName -currentLevel ($currentLevel + 1) -maxLevel $maxLevel
}
}
}
To execute the script:
Check-Inheritance -directoryPath $rootDirectory -currentLevel 1 -maxLevel 3