Tuesday, March 8, 2011

Finding all explicit ACLs in NTFS

NTFS permissions tend to drift over time: an ACE set directly on a file or subfolder (rather than inherited from its parent) is easy to overlook when auditing a tree, and it is exactly the kind of entry that quietly grants more access than the parent folder suggests. This function walks a path and lists every explicitly set (i.e. non-inherited) ACE it finds, including on hidden and system objects. Pipe the output to the Out-GridView, Format-Table or ConvertTo-Csv cmdlets to review it.

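function Get-ExplicitAcl
{
    <#
    .SYNOPSIS
        Lists every explicitly set (non-inherited) ACE on a path and, with -Recurse, on everything beneath it.
    .DESCRIPTION
        Reads the DACL of $Path (and of each child when -Recurse is given) and emits one object per
        access rule that was applied directly to the object. Inherited rules are skipped.
    .PARAMETER Path
        File or directory to inspect. The value is taken literally, so names containing
        wildcard characters such as [ ] are not expanded.
    .PARAMETER Recurse
        Also inspect every file and directory below $Path.
    .OUTPUTS
        Objects with Path, AccessControlType, IdentityReference, FileSystemRights,
        InheritanceFlags and PropagationFlags, sorted by Path.
    .NOTES
        Hidden and system objects are included (-Force) so an ACE placed on a hidden file is not missed.
        A DACL that cannot be read (access denied, path too long, ...) is reported via Write-Error
        and the scan continues with the next object.
        NOTE(review): SIDs that can no longer be mapped to an account are presumably emitted as raw
        S-1-5-... values rather than an NTAccount — confirm, and treat such orphaned entries as findings.
    #>
    [CmdletBinding()]
    param([string]$Path, [switch]$Recurse)

    Process
    {
        # Collect the target itself plus (optionally) its descendants as plain path strings.
        # @() keeps each result an array even when only one item comes back; without it
        # "+=" on a single string would concatenate the two paths into one bogus string.
        # -Force includes hidden/system objects; -LiteralPath stops [ ] and * being globbed.
        $targets  = @(Get-Item -LiteralPath $Path -Force | Select-Object -ExpandProperty FullName)
        $targets += @(Get-ChildItem -LiteralPath $Path -Force -Recurse:$Recurse |
                        Select-Object -ExpandProperty FullName)
        # When $Path is a file, Get-ChildItem returns it again; drop the duplicate.
        $targets = $targets | Select-Object -Unique

        $aces = foreach ($target in $targets)
        {
            try
            {
                # -ErrorAction Stop turns Get-Acl's non-terminating "access denied" error into an
                # exception the catch below can report; otherwise the error is printed and the
                # object is silently skipped.
                $acl = Get-Acl -LiteralPath $target -ErrorAction Stop
                if ($acl)
                {
                    # includeExplicit = $true, includeInherited = $false: rules set on this object only.
                    $explicit = $acl.GetAccessRules($true, $false, [System.Security.Principal.NTAccount])
                    foreach ($ace in $explicit)
                    {
                        $row = New-Object PSObject -Property @{
                            Path              = $target
                            AccessControlType = $ace.AccessControlType
                            IdentityReference = $ace.IdentityReference
                            FileSystemRights  = $ace.FileSystemRights
                            InheritanceFlags  = $ace.InheritanceFlags
                            PropagationFlags  = $ace.PropagationFlags
                        }
                        # Fix the column order; a hashtable-built object has none.
                        $row | Select-Object Path, AccessControlType, IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags
                    }
                }
            }
            catch
            {
                # Any failure type is reported (not just UnauthorizedAccessException) and the
                # scan continues: one unreadable object must not abort the whole audit.
                # $target is already a string, so no ".FullName" is appended to it.
                Write-Error "Failed to read DACL from '$target': $($_.Exception.Message)"
            }
        }

        $aces | Sort-Object Path
    }
}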
