<div>
Not sure what you want to do with that information; usually, with a proper naming convention, you should be able to tell by the name. 
Way more important than the account type would have been AccessControlType, since it makes a wee bit of a difference whether an ACE says &quot;Allow&quot; or &quot;Deny&quot; ... 

<pre><code class="code-10 nolinks" id="code-20-43328380-1">$Path = 'C:\temp'

$Script:identityCache = @{}
$scriptBlock = {
	Param($Item)
	$acl = Get-Acl -Path $Item.FullName
	ForEach ($access in $acl.Access) {
		[PSCustomObject]([ordered]@{
			'Type' = If ($Item.PSIsContainer) {'Folder'} Else {'File'}
			'Name' = $Item.FullName
			'Account' = $access.IdentityReference.Value
			'AccountType' = $(
				If (-not $identityCache.ContainsKey($access.IdentityReference.Value)) {
					$realm, $account = $access.IdentityReference.Value.Split('\')
					If (-not $account) {
						$account = $realm
						$realm = $env:ComputerName
					}
					If ($realm -ne $env:UserDomain) {
						$realm = $env:ComputerName
					}
					$adsiObject = [ADSI]&quot;WinNT://$($realm)/$($account)&quot;
					$identityCache[$access.IdentityReference.Value] = If ($adsiObject.groupType.Value -is [Int]) {'Group'} Else {'User'}
				}
				$identityCache[$access.IdentityReference.Value]
			)
			'Permissions' = $access.FileSystemRights
			'AccessControlType' = $access.AccessControlType
			'Inherited' = $access.IsInherited
		})
	}
}
$output = @()
Get-ChildItem -Directory -Path $Path -Recurse -Force | ForEach-Object {
	$output += &amp; $scriptBlock $_
}

Get-ChildItem -File -Path $Path -Recurse -Force | ForEach-Object {
	$output += &amp; $scriptBlock $_
}
</code></pre>
</div>

<div>
Wow, thats an answer :-) I never even throught of Allow or Deny in there - thanks The script works, apart from every entry is a File never a folder. Im assuming the issue is with <pre><code class="code-1 nolinks" id="code-20-43328423-1">$Item.PSIsDirectory
</code></pre>But not 100% sure 
</div>

tonelm54

<div>
<div class="content wysiwyg-content fr-view">
With the help of several forums, Ive written a script which audits a folder, and dumps out the permissions of files and folders:- <pre><code class="code-10 nolinks" id="code-10-29222640-1">$FolderPath = Get-ChildItem -Directory -Path "C:\temp" -Recurse -Force
$Output = @()
ForEach ($Folder in $FolderPath) {
&nbsp; &nbsp; $Acl = Get-Acl -Path $Folder.FullName
&nbsp; &nbsp; ForEach ($Access in $Acl.Access) {
&nbsp; &nbsp; &nbsp; &nbsp; $Properties = [ordered]@{'Type'='Folder';'Name'=$Folder.FullName;'Group/User'=$Access.IdentityReference;'Permissions'=$Access.FileSystemRights;'Inherited'=$Access.IsInherited}
&nbsp; &nbsp; &nbsp; &nbsp; $Output += New-Object -TypeName PSObject -Property $Properties &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
&nbsp; &nbsp; }
}

$FilesPath = Get-ChildItem -File -Path "C:\temp" -Recurse -Force
ForEach ($File in $FilesPath) {
&nbsp; &nbsp; $Acl = Get-Acl -Path $File.FullName
&nbsp; &nbsp; ForEach ($Access in $Acl.Access) {
&nbsp; &nbsp; &nbsp; &nbsp; $Properties = [ordered]@{'Type'='File';'Name'=$File.FullName;'Group/User'=$Access.IdentityReference;'Permissions'=$Access.FileSystemRights;'Inherited'=$Access.IsInherited}
&nbsp; &nbsp; &nbsp; &nbsp; $Output += New-Object -TypeName PSObject -Property $Properties &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
&nbsp; &nbsp; }
}


$Output | Out-GridView
</code></pre>The only bit Im stuck with now is to test weather $Access.IdentityReference is in reference to a user or a group. I know how to add in the variable, but dont know how to test, as looking at the object $Access doesnt tell me if its a group or user. Any suggestions?
</div>
</div>


With the help of several forums, Ive written a script which audits a folder, and dumps out the permissions of files and folders:-
$FolderPath = Get-ChildItem -Directory -Path "C:\temp" -Recurse -Force
$Output = @()
ForEach ($Folder in $FolderPath) {
    $Acl = Get-Acl -Path $Folder.FullName
    ForEach ($Access in $Acl.Access) {
        $Properties = [ordered]@{'Type'='Folder';'Name'=$Folder.FullName;'Group/User'=$Access.IdentityReference;'Permissions'=$Access.FileSystemRights;'Inherited'=$Access.IsInherited}
        $Output += New-Object -TypeName PSObject -Property $Properties            
    }
}

$FilesPath = Get-ChildItem -File -Path "C:\temp" -Recurse -Force
ForEach ($File in $FilesPath) {
    $Acl = Get-Acl -Path $File.FullName
    ForEach ($Access in $Acl.Access) {
        $Properties = [ordered]@{'Type'='File';'Name'=$File.FullName;'Group/User'=$Access.IdentityReference;'Permissions'=$Access.FileSystemRights;'Inherited'=$Access.IsInherited}
        $Output += New-Object -TypeName PSObject -Property $Properties            
    }
}


$Output | Out-GridView
The only bit Im stuck with now is to test weather $Access.IdentityReference is in reference to a user or a group.
I know how to add in the variable, but dont know how to test, as looking at the object $Access doesnt tell me if its a group or user.
Any suggestions?

Folder Audit - Is user or group

Windows PowerShell is a task automation and configuration management framework from Microsoft, consisting of a command-line shell and associated scripting language built on the .NET Framework. PowerShell provides full access to the Component Object Model (COM) and Windows Management Instrumentation (WMI), enabling administrators to perform administrative tasks on both local and remote Windows systems as well as WS-Management and Common Information Model (CIM) enabling management of remote Linux systems and network devices.

Powershell

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.