Help with Powershell script to get a report of only builtin groups

script you populated shows NTFS permisions on directories and has nothing to do with shares you mention in subject.
So what do you need ?

oh I am sorry. Inventory of NTFS permissions where builtin groups have access.

what does "?" mean? I can't find it online..


I get an error: An empty pipe element is not allowed.



PS C:\scripts> Get-ChildItem "C:\installs" -Recurse | ?{ $_.PsIsContainer } | %{
 $Path = $_.FullName
 
 (Get-Acl $Path).Access | Select-Object `
    @{n='Path';e={ $Path }}, IdentityReference, AccessControlType, `
    InheritanceFlags, PropagationFlags, FileSystemRights, IsInherited
    | ? {$_.identityreference.value -like "BUILTIN*"} }
At line:7 char:5
+     | ? {$_.identityreference.value -like "BUILTIN*"} }
+     ~
An empty pipe element is not allowed.
    + CategoryInfo          : ParserError: (:) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : EmptyPipeElement

'?' is alias for where-object commandlet
I assume it hits folder with no acess to or corrupted descriptor. Try to add '-error silent' after closing curly bracket and run again

yes. this works!! I will give you points. Should I put parameters for TESTTARGET\domain users?


Get-ChildItem "C:\installs" -Recurse | ?{ $_.PsIsContainer } | %{
 $Path = $_.FullName
 
 (Get-Acl $Path).Access | Select-Object `
    @{n='Path';e={ $Path }}, IdentityReference, AccessControlType, `
    InheritanceFlags, PropagationFlags, FileSystemRights, IsInherited| ?{$_.identityreference.value.ToString() -like "TESTTARGET\Domain Users"}
} | Export-CSV "PermissionsDomainUsers8.csv"

I tried to put Domain Users in the param but it doens't work...the output file is empty and it doens't just get c:\install directory. It is doing other directory


    param(
    [String]$Group='Domain Users',
    [String]$Directory='c:\install'
)

Get-ChildItem $directory -Recurse | ?{ $_.PsIsContainer } | %{
 $Path = $_.FullName
 
 (Get-Acl $Path).Access | Select-Object `
    @{n='Path';e={ $Path }}, IdentityReference, AccessControlType, `
    InheritanceFlags, PropagationFlags, FileSystemRights, IsInherited| ?{$_.identityreference.value.ToString() -like $Group}
} | Export-CSV "PermissionsDomainUsers9b.csv"



I am getting this error:
Get-ChildItem : Access to the path 'C:\Windows\System32\LogFiles\WMI\RtBackup' is denied.
At line:7 char:1
+ Get-ChildItem $directory -Recurse | ?{ $_.PsIsContainer } | %{
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (C:\Windows\Syst...es\WMI\RtBackup:String) [Get-ChildItem], UnauthorizedAccessException
    + FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand

those are runtime permission errors, listed one is that running account does not have access to C:\Windows\System32\LogFiles\WMI\RtBackup'  
.tostring() you added makes no sense, "value" is string type. Where the trouble is -like needs asterix convention for match
I suggest this:
 [String]$Group='*Domain Users',

on my local filestem, "Users" produces no output, but "*users" lists properly

but it shouldn't be looking at this directory. It should be looking at c:\installs.
C:\Windows\System32\LogFiles\WMI\RtBackup'  

this script still is giving me an error about this directory. It works fine if I remove param ()
Also i tried to put just two variables on top and as soon as I put them, it breaks it.

 param(
    [String]$Group='*Domain Users',
    [String]$Directory='c:\install'
)



Get-ChildItem -path $directory -Recurse | ?{ $_.PsIsContainer } | %{
 $Path = $_.FullName
 
 (Get-Acl $Path).Access | Select-Object `
    @{n='Path';e={ $Path }}, IdentityReference, AccessControlType, `
    InheritanceFlags, PropagationFlags, FileSystemRights, IsInherited| ?{$_.identityreference.value.ToString() -like $Group}
} | Export-CSV "PermissionsDomainUsers3.csv"



Error:
Get-ChildItem : Access to the path 'C:\Windows\System32\LogFiles\WMI\RtBackup' is denied.
At C:\scripts\Get-NTFSPermissionsBuiltinWithParams1b.ps1:8 char:1
+ Get-ChildItem -path $directory -Recurse | ?{ $_.PsIsContainer } | %{
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (C:\Windows\Syst...es\WMI\RtBackup:String) [Get-ChildItem], UnauthorizedAccessException
    + FullyQualifiedErrorId : DirUnauthorizedAccessError,Microsoft.PowerShell.Commands.GetChildItemCommand


this doesn't work either. Same error.

$Group = "Domain Users"
 $Directory ="c:\install"

Get-ChildItem -path $directory -Recurse | ?{ $_.PsIsContainer } | %{
 $Path = $_.FullName
 
 (Get-Acl $Path).Access | Select-Object `
    @{n='Path';e={ $Path }}, IdentityReference, AccessControlType, `
    InheritanceFlags, PropagationFlags, FileSystemRights, IsInherited| ?{$_.identityreference.value.ToString() -like $Group}
} | Export-CSV "PermissionsDomainUsers3.csv"



This works perfectly!! But I want to add param or at least variable on top.

Get-ChildItem "C:\installs" -Recurse | ?{ $_.PsIsContainer } | %{
 $Path = $_.FullName
 
 (Get-Acl $Path).Access | Select-Object `
    @{n='Path';e={ $Path }}, IdentityReference, AccessControlType, `
    InheritanceFlags, PropagationFlags, FileSystemRights, IsInherited| ?{$_.identityreference.value.ToString() -like "TESTTARGET\Domain Users"}
} | Export-CSV "PermissionsDomainUsers8.csv"

params works, possibly source of your truoble is that you always fill target variable like "C:\install", while in version without parameters you use path with 's' at the end = "C:\installs
as c:\install  directory not exist, your path points to current active than you have feeling that it parse wrong place

Thank you so much! I had mistyped c:\installs. Your script works!!!!