What do you do when you find your network file share permissions are a little...weird? That when you go to add permissions to a folder, some of the sub folders still remain out of reach? Then, when you check them manually, you find that someone, at some point, disabled inheritance on that folder, and for no good reason. Or, worse, someone set up the shares with a bunch of severed inheritance, mainly because they didn't know how to manage folder permissions well.
Whatever the reason, knowing where inheritance is severed in your file shares is not only useful, but critical to properly manage your shares. To discover those inheritances, just go through each folder, one by one, and write down each one tha...
Wait! There's got to be a better way to do this!
Fortunately, Get-Acl is here to help. The AccessControl.DirectorySecurity objects it returns for folders has a property called "AreAccessRulesProtected", which when set to True, means inheritance is disabled. So, I wrote a quick script to help locate and document this. Note that you will need to be using an account with at least read permissions to all of the folders you are targeting; also, I've done this for a single server with multiple shares, each share I've put in a text file. It will be easy to modify that as you need.