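<#
.SYNOPSIS
    Writes the ACL of a folder to a per-folder log file, then recurses into
    each subfolder that carries no inherited access rule.

.DESCRIPTION
    For the directory passed in $tld the function creates (or truncates)
    "<logfolder>\ACL_Log_<path with \ and : replaced by ->.xml" and appends the
    folder's full name and the text form of its ACL (AccessToString).
    Each direct subfolder is then inspected: when none of its access rules is
    marked IsInherited, the function calls itself on that subfolder.

    Audit caveats (behaviour kept from the original script):
      * A subfolder with at least one inherited rule is not descended into, so
        folders further down that break inheritance are never examined.
      * A subfolder that mixes inherited and explicit rules counts as
        inheriting, so its explicit grants are not reported.

.PARAMETER tld
    System.IO.DirectoryInfo of the folder to log. Any other type is ignored.

.PARAMETER parent
    Full name of the parent folder, or $null for the scan root. Only tested
    against $null here.

.PARAMETER parentlog
    Log file of the parent folder. Accepted but not used by this function.

.NOTES
    Reads $logfolder from the calling scope.
    NOTE(review): several string literals written to the log are empty as the
    script is shown; given the .xml log name, element tags were presumably
    intended there - confirm against the original script.
    NOTE(review): -Path treats [ ] * ? as wildcards, so a folder whose name
    contains them may resolve to the wrong item or to none; consider
    -LiteralPath where the PowerShell version in use supports it.
#>
function EnumFolders($tld, $parent, $parentlog) {
    if ($tld -is [System.IO.DirectoryInfo]) {
        # COM FileSystemObject is used below only to obtain ShortPath
        # (presumably to stay under path-length limits - confirm).
        $fso = New-Object -ComObject Scripting.FileSystemObject
        $acl = Get-Acl -Path $tld.FullName

        # Log name: folder path with every "\" and ":" replaced by "-".
        $folder = $tld.FullName -replace "\\|:","-"
        $filenamelog = $logfolder +"\ACL_Log_$folder.xml"

        # First write has no -Append, so an existing log is overwritten.
        Write-Output '' | Out-File -FilePath $filenamelog -Encoding ASCII
        Write-Output '' | Out-File -FilePath $filenamelog -Encoding ASCII -Append
        Write-Output "" | Out-File -FilePath $filenamelog -Encoding ASCII -Append

        if ($null -ne $parent) {
            Write-Output '' | Out-File $filenamelog -Append -Encoding ASCII -Width 4096
        }

        Write-Output "" | Out-File $filenamelog -Append -Encoding ASCII -Width 4096
        $row = ""+$tld.FullName+""
        Write-Output $row | Out-File $filenamelog -Append -Encoding ASCII -Width 4096
        $row = ""+$acl.AccessToString+""
        Write-Output $row | Out-File $filenamelog -Append -Encoding ASCII -Width 4096
        Write-Output "" | Out-File $filenamelog -Append -Encoding ASCII -Width 4096

        foreach ($subfolder in (Get-ChildItem -Path $tld.FullName | Where-Object { $_.PSIsContainer })) {
            $shortName = $fso.GetFolder($subfolder.FullName).ShortPath
            $subAcl = Get-Acl -Path $shortName

            # An unreadable ACL must not be judged from the previous
            # iteration's rules; report the gap and move on.
            if ($null -eq $subAcl) {
                Write-Warning "Could not read ACL for $($subfolder.FullName); folder skipped."
                continue
            }

            $accessRules = $subAcl.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])

            # Fix: the flag is reset for every subfolder. The original set it
            # once and never cleared it, so after the first inheriting
            # subfolder every later sibling was treated as inheriting and
            # folders with their own permissions were left out of the report.
            $hasInheritedRule = $false
            foreach ($accessRule in $accessRules) {
                if ($accessRule.IsInherited) {
                    $hasInheritedRule = $true
                    break
                }
            }

            if (-not $hasInheritedRule) {
                EnumFolders $subfolder $tld.FullName $filenamelog
            }

            # Path of the log the recursive call would have produced.
            $childLog = $logfolder+"\ACL_Log_"+($subfolder.FullName -replace "\\|:","-" )+".xml"
            # Emitted on the output stream, as in the original script.
            $childLog
            if (Test-Path $childLog) {
                Write-Output '' | Out-File $filenamelog -Append -Encoding ASCII -Width 4096
            }
        }

        Write-Output "" | Out-File -FilePath $filenamelog -Encoding ASCII -Append
    }
}

# Logs are written to the current directory.
$logfolder="."
$path = Read-Host "Please enter the path to scan: "
# Scan root: no parent folder and no parent log.
EnumFolders (Get-Item $path) $null $null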