Query for ACLs on a file server

I'm cleaning up all Windows groups associated with a SQL Server database application.  I've verified that I can safely deleted GroupX without any loss of of SQL Server functionality.  However, the application is also associated with thousands of files on the same server, and GroupX may have explicit permissions to some of these files.  Obviously, inspecting each file for GroupX permissions isn't feasible.  Is there a way to query the GroupX ACLs?
Who is Participating?
Chris DentConnect With a Mentor PowerShell DeveloperCommented:

Sure. Install Windows PowerShell (should be under Features in Server Manager), then you can run this (copy and paste after you fix the security principal and base path values.

# Object name to look for in each access control list
$SecurityPrincipal = "GroupX"
# Starting path
$BasePath = "C:\"
# Something to hold the results
$Entries = @()
ForEach ($Entry in (ls -r $BasePath)) {
  If ((Get-ACL -Path $Entry.FullName).Access | `
    ?{ $_.IdentityReference -match $SecurityPrincipal -And $_.IsInherited -eq $False }) { 
      $Entries += $Entry | Select-Object * 
# Display the results as a table
$Entries | Format-Table FullName, Name, PSIsContainer, LastAccessTime
# Export Results to a CSV File
$Entries | Export-CSV "Results.csv"

Open in new window

gurpreetchhabraConnect With a Mentor Commented:
Or simply try DumpSec GUI based tool to export permissions from a specified root directory, export the result to csv file. Open in excel and filter all results for GroupX.
jdanaAuthor Commented:
Both option work great!  Thanks!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.