Solved

Is there a program I can use to find blocked inheritance?

Posted on 2014-01-08
4
286 Views
Last Modified: 2014-04-14
We have a file server with many folders.
Someone once-upon-a-time put inheritance blocking on many of them.

Is there an easy way to find out which folders have had inheritance blocked?

Thanks
Phil
0
Comment
Question by:philkryder
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 300 total points
ID: 39766964
I am assuming that you are talking about NTFS permissions? You are looking for deny permissions on directories?

You can use SolarWinds Permission Analyzer (free) - http://www.solarwinds.com/products/freetools/permissions_analyzer_for_active_directory/

You can also use powershell to accomplish this. Use the below syntax...

Get-Childitem -Path <rootpath> -recurse | get-acl | out-file c:\directories.csv

Open in new window


Will.
0
 
LVL 1

Author Comment

by:philkryder
ID: 39769337
I'm actually looking for inheritance being blocked.
is that the same?
I don't think so...
0
 
LVL 23

Assisted Solution

by:yo_bee
yo_bee earned 200 total points
ID: 39835492
You can try this Powershell Script.

$dir = 'Replace with parent folder directory path '

Get-ChildItem  $dir -Directory -Recurse  ? {
 Get-Acl $_.FullName | % {
 $_.GetAccessRules($true, $true, 'System.Security.Principal.NTAccount') |
 ? {!$_.IsInherited}
 }
 }

Open in new window


Or

$dir = 'Replace with parent folder directory path '
Get-ChildItem $dir  -Recurse | ? {$_.PSIsContainer} | ? {
 Get-Acl $_.FullName | % {
 $_.GetAccessRules($true, $true, 'System.Security.Principal.NTAccount') |
 ? {!$_.IsInherited}
 }
 }

Open in new window

0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Suggested Courses

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question