PowerShell Script to Show FSLogix Folder and File Permissions

Zac
# PowerShell script to list file and folder owners and permissions recursively for a specified path, excluding SYSTEM, Administrators, and CREATOR OWNER

# Prompt for the directory path
$Path = Read-Host "Enter the directory path to scan (e.g., C:\Data)"

# Check if the path exists
if (-not (Test-Path $Path)) {
    Write-Error "The specified path does not exist: $Path"
    exit
}

# Function to get owner and permissions
function Get-FileSystemInfo {
    param (
        [string]$ItemPath
    )
    
    try {
        # Get ACL for the item
        $acl = Get-Acl -Path $ItemPath -ErrorAction Stop
        
        # Get the owner
        $owner = $acl.Owner
        
        # Get permissions, excluding SYSTEM, Administrators, and CREATOR OWNER
        $permissions = $acl.Access | Where-Object {
            $_.IdentityReference -notlike "*\SYSTEM" -and
            $_.IdentityReference -notlike "*\Administrators" -and
            $_.IdentityReference -notlike "CREATOR OWNER"
        } | ForEach-Object {
            [PSCustomObject]@{
                Identity = $_.IdentityReference
                Rights   = $_.FileSystemRights
                Type     = $_.AccessControlType
            }
        }
        
        # Output the results for this item
        [PSCustomObject]@{
            Path        = $ItemPath
            Type        = if (Test-Path -Path $ItemPath -PathType Container) { "Directory" } else { "File" }
            Owner       = $owner
            Permissions = $permissions
        }
    }
    catch {
        Write-Warning "Error accessing $ItemPath : $_"
    }
}

# Get all items recursively
$items = Get-ChildItem -Path $Path -Recurse -ErrorAction SilentlyContinue

# Process each item
$results = foreach ($item in $items) {
    Get-FileSystemInfo -ItemPath $item.FullName
}

# Output results in a formatted table
$results | Format-Table -Property Path, Type, Owner, @{
    Label = "Permissions"
    Expression = {
        if ($_.Permissions) {
            $perms = $_.Permissions | ForEach-Object {
                # Format each permission entry for better readability
                "$($_.Identity) -> Rights: $($_.Rights), Type: $($_.Type)"
            }
            # Join with newlines for cleaner output
            $perms -join "`n"
        } else {
            "No relevant permissions found"
        }
    }
} -AutoSize -Wrap

# Optional: Export to CSV
$csvPath = Join-Path -Path $Path -ChildPath "PermissionsReport_$(Get-Date -Format 'yyyyMMdd_HHmmss').csv"
$results | Export-Csv -Path $csvPath -NoTypeInformation

Write-Host "Report exported to: $csvPath"

This article was updated on July 12, 2025