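<#-----------------------------------------------------------------------------
Ashley McGlone, Microsoft PFE
http://blogs.technet.com/b/ashleymcglone
August, 2011

Parse-SDDL function.
http://msdn.microsoft.com/en-us/library/aa374928.aspx

ace_type;ace_flags;rights;object_guid;inherit_object_guid;account_sid
0       ;1        ;2     ;3          ;4                  ;5
0       ;ID       ;2     ;3          ;4                  ;SID

Split the SDDL on the character: (
Process indexes 1 to end
Split on character ;
If index 1 contains "ID" then ignore because inherited
If index 5 contains a SID then process it
-----------------------------------------------------------------------------#>
function Parse-SDDL {
    <#
    .SYNOPSIS
        Lists the trustee SID of every non-inherited ACE in an SDDL string.
    .DESCRIPTION
        The SDDL is split into ACEs on "(". Index 0 (owner, primary group and
        the DACL/SACL prefix) is skipped. For every remaining element the
        ace_flags field (index 1) is checked for the ID flag; inherited ACEs
        are reported as "Inherited". Otherwise the account_sid field
        (index 5) is searched for an "S-..." SID, which is emitted when found.
    .PARAMETER SDDL
        The SDDL string. Binds by property name, so any object with an SDDL
        property (for example the output of Get-Acl) can be piped in.
    .OUTPUTS
        System.String - diagnostic headers, the split array, and per ACE
        either the SID, "Inherited", "Not inherited - No SID" or
        "Malformed ACE: ...".
    .NOTES
        Only numeric SIDs ("S-1-...") are recognised by the regex; ACEs that
        use the two-letter well-known aliases (BA, SY, AU, ...) in the
        account_sid field are reported as "Not inherited - No SID".
        ace_type (index 0) and rights (index 2) are never read, so an Allow
        and a Deny ACE for the same trustee produce identical output.
    #>
    [CmdletBinding()]
    param (
        [Parameter(ValueFromPipelineByPropertyName = $true)]
        [string]$SDDL
    )

    # A process block is required so that every object coming down the
    # pipeline is parsed; without it only the last object would be seen.
    process {
        $SDDLSplit = $SDDL.Split("(")
        "`n---SDDL Split:"
        $SDDLSplit
        "`n---SDDL SID Parsing:"

        # Skip index 0 where owner and/or primary group are stored
        for ($i = 1; $i -lt $SDDLSplit.Length; $i++) {
            $ACLSplit = $SDDLSplit[$i].Split(";")

            # An ACE has six ";"-separated fields. Anything shorter (e.g. a
            # fragment created by an extra "(" inside the string, as a
            # conditional ACE's condition would produce) cannot be indexed
            # safely, so report it instead of throwing on a null element.
            if ($ACLSplit.Length -lt 6) {
                "Malformed ACE: $($SDDLSplit[$i])"
                continue
            }

            if ($ACLSplit[1].Contains("ID")) {
                "Inherited"
            }
            else {
                # Remove the trailing ")"
                $ACLEntry = $ACLSplit[5].TrimEnd(")")

                # Parse out the SID using a handy RegEx; if the field somehow
                # holds several matches the last one wins.
                $ACLEntrySIDMatches = [regex]::Matches($ACLEntry, "(S(-\d+){2,8})")
                $ACLEntrySID = $null
                if ($ACLEntrySIDMatches.Count -gt 0) {
                    $ACLEntrySID = $ACLEntrySIDMatches[$ACLEntrySIDMatches.Count - 1].Value
                }

                if ($ACLEntrySID) {
                    $ACLEntrySID
                }
                else {
                    "Not inherited - No SID"
                }
            }
        }
    }
}

# Experiment with these different path values to see what the ACL objects do.
# Each assignment overwrites the previous one; only the last line takes effect.
$path = "C:\users\username\"           # Not inherited
$path = "C:\users\username\desktop\"   # Inherited
$path = "HKCU:\"                       # Not Inherited
$path = "HKCU:\Software"               # Inherited
$path = "HKLM:\"                       # Not Inherited

"`n---Path:"
$path
$ACL = Get-Acl -Path $path
"`n---Access To String:"
$ACL.AccessToString
"`n---Access entry details:"
$ACL.Access | Format-List *
"`n---SDDL:"
$ACL.SDDL

# Call with named parameter binding (the object's SDDL property binds to -SDDL)
$ACL | Parse-SDDL

# Call with parameter string
#Parse-SDDL $ACL.SDDL

# ><>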