DACL entries for folders/files

(imported topic written by SystemAdmin)

I am trying to develop relevance to be able to check permissions of certain files/folders to ensure only authorized users have elevated access. I’d like to stick to comparing “effective access mode,” instead of querying each permission separately. I’d like to have it output each entry on the DACL that has access mode greater than what is specified. Here’s an example:

Folder: C:\test

Access Mode: 1179817

Here’s what I came up with, it outputs the access modes, but without the account names associated with them:

effective access modes for ((account names of trustees of entries of dacls of security descriptors of folder “c:\test”) as string) of dacls of security descriptors of folder “c:\test”

How can I do an if

access mode > 1179817


account name,access mode