ps-aclreport/ps-aclreport.ps1


Import-Module ACLReportTools
# ---------------------------------------------------------------------------
# Script-wide settings. Every function below reads these by name.
# ---------------------------------------------------------------------------

# Host that serves the monitored share, and the share's name.
$COMPUTER = 'localhost'
$SHARE = 'esphome'

# Per-user folder holding the baseline, current and diff report files.
# NOTE(review): the newest baseline in this folder is the reference for every
# later comparison, so whoever can write here can change what counts as
# "expected" permissions - confirm the folder's own ACL is restrictive.
$WorkDir = "$env:LOCALAPPDATA\ps-aclreport"

# Timestamp taken once at start-up; it is embedded in the names of the files
# this run writes (sortable, second resolution).
$Date = Get-Date -Format 'yyyyMMddHHmmss'
function createBaselineReport {
    <#
    .SYNOPSIS
    Writes a baseline ACL report for one share into the working directory.

    .DESCRIPTION
    Pipes the output of New-ACLShareReport (run with -IncludeInherited) into
    Export-ACLReport. The file is named
    Baseline_<Computer>-<Share>_<run timestamp>.acl, where the timestamp is
    the script-level $Date. -Force is passed to the export, so an existing
    file with the same name is presumably overwritten - confirm against the
    ACLReportTools documentation.

    .PARAMETER Computer
    Name of the host that serves the share.

    .PARAMETER Share
    Name of the share to report on.
    #>
    param($Computer, $Share)

    $Target = "${WorkDir}\Baseline_${Computer}-${Share}_${Date}.acl"

    # Splatted so the scan options are readable at a glance.
    $ScanOptions = @{
        ComputerName     = $Computer
        Include          = $Share
        IncludeInherited = $true
    }

    New-ACLShareReport @ScanOptions | Export-ACLReport -Path $Target -Force
}
function createCurrentReport {
    <#
    .SYNOPSIS
    Writes a "current state" ACL report for one share into the working
    directory.

    .DESCRIPTION
    Same scan as the baseline report (New-ACLShareReport with
    -IncludeInherited, piped to Export-ACLReport -Force), but the file is
    named Current_<Computer>-<Share>_<timestamp>.acl and the timestamp is
    taken when this function runs, not at script start.

    .PARAMETER Computer
    Name of the host that serves the share.

    .PARAMETER Share
    Name of the share to report on.
    #>
    param($Computer, $Share)

    # Fresh timestamp, local to this call; the script-level $Date is untouched.
    $Stamp = Get-Date -Format 'yyyyMMddHHmmss'
    $Target = "${WorkDir}\Current_${Computer}-${Share}_${Stamp}.acl"

    $ScanOptions = @{
        ComputerName     = $Computer
        Include          = $Share
        IncludeInherited = $true
    }

    New-ACLShareReport @ScanOptions | Export-ACLReport -Path $Target -Force
}
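function compareBaselineToCurrent(){
    <#
    .SYNOPSIS
    Compares the most recent baseline for $COMPUTER/$SHARE with the share and
    writes a permission diff report.

    .DESCRIPTION
    Picks the baseline file with the latest LastWriteTime, imports it, and
    hands it to Compare-ACLReports together with -ComputerName/-Include.
    The Current_* file on disk is not read here; the comparison is driven
    by the -ComputerName/-Include arguments (presumably a live scan -
    confirm against the ACLReportTools documentation).
    The result is exported to
    <WorkDir>\DiffReports\DiffReport_<Computer>-<Share>_<run timestamp>.acr.

    If no baseline file exists, a non-terminating error is written and the
    function returns without producing a diff report.
    #>

    # The computer/share names are escaped and the pattern is anchored so that
    # regex metacharacters in a name (for example the "$" of an administrative
    # share) are matched literally, and so that a share whose name merely
    # starts with $SHARE cannot supply the baseline for this one.
    $BaselinePattern = '^Baseline_' + [regex]::Escape("${COMPUTER}-${SHARE}") + '_\d{14}\.acl$'

    $LastBaseline = Get-ChildItem $WorkDir |
        Sort-Object LastWriteTime |
        Where-Object { $_.Name -match $BaselinePattern } |
        Select-Object -Last 1

    if (-not $LastBaseline) {
        # Without a reference there is nothing meaningful to diff against.
        Write-Error "No baseline report for ${COMPUTER}-${SHARE} found in ${WorkDir}; nothing to compare against."
        return
    }

    $DiffReportName = "DiffReport_${COMPUTER}-${SHARE}_${Date}.acr"
    $BaselineImport = (Import-ACLReport -Path $LastBaseline.FullName)

    # Create the output folder on first use; -Force makes this a no-op when it
    # already exists.
    New-Item -ItemType Directory -Path $WorkDir -Name "DiffReports" -Force -ErrorAction SilentlyContinue | Out-Null

    # Warnings from the export step are suppressed, as in the original flow.
    Compare-ACLReports -Baseline $BaselineImport -ComputerName $COMPUTER -Include $SHARE |
        Export-ACLPermissionDiff -Path "$WorkDir\DiffReports\$DiffReportName" -Force -WarningAction SilentlyContinue
}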
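function pruneBaselineReports(){
    <#
    .SYNOPSIS
    Thins out timestamped .acl reports in the working directory, keeping only
    the oldest and the newest file of each report series.

    .DESCRIPTION
    Files named <Prefix>_<14-digit timestamp>.acl are grouped by <Prefix>
    (for example "Baseline_localhost-esphome"). Within each group the files
    are ordered by name, which is chronological because the timestamp is
    fixed-width. Everything between the first and the last file is deleted.
    This applies to every series found in $WorkDir, not only to the share
    configured in this script. Files that do not match the naming scheme are
    left alone.
    #>

    # Anchored at both ends so that only files following the exact naming
    # scheme can ever be selected for deletion.
    $StampedReport = '^([a-zA-Z]+_.*)_\d{14}\.acl$'

    # The group key is derived from the file name inside Group-Object itself,
    # instead of relying on $Matches left behind by an earlier pipeline stage.
    # @() keeps the result an array even when there is one group or none.
    $ReportGroups = @(
        Get-ChildItem -Path $WorkDir |
            Where-Object { $_.Name -match $StampedReport } |
            Sort-Object -Property Name |
            Group-Object -Property { $_.Name -replace $StampedReport, '$1' }
    )

    foreach ($ReportGroup in $ReportGroups) {
        $Reports = @($ReportGroup.Group)

        # With one or two files there is nothing in between to remove
        # (and 1..0 would count backwards, so it must be skipped explicitly).
        if ($Reports.Count -le 2) { continue }

        foreach ($Stale in $Reports[1..($Reports.Count - 2)]) {
            # -LiteralPath: the name is data, never a wildcard pattern.
            Remove-Item -LiteralPath $Stale.FullName -Force
        }
    }
}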
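function pruneCurrentReports(){
    <#
    .SYNOPSIS
    Promotes the newest Current_* report for $COMPUTER/$SHARE to a baseline
    by renaming it.

    .DESCRIPTION
    The Current_* file with the latest LastWriteTime is renamed to
    Baseline_<Computer>-<Share>_<run timestamp>.acl, where the timestamp is
    the script-level $Date. Nothing is copied or deleted; after the rename
    the file takes part in baseline selection like any other baseline.
    If no matching Current_* file exists, a warning is written and nothing
    is renamed.
    #>

    # Names are escaped and the pattern anchored so that only reports for
    # exactly this computer/share qualify. A report for another share whose
    # name begins with $SHARE must never be promoted to this share's baseline.
    $CurrentPattern = '^Current_' + [regex]::Escape("${COMPUTER}-${SHARE}") + '_\d{14}\.acl$'

    $Current = Get-ChildItem $WorkDir |
        Sort-Object LastWriteTime |
        Where-Object { $_.Name -match $CurrentPattern } |
        Select-Object -Last 1

    if (-not $Current) {
        Write-Warning "No current report for ${COMPUTER}-${SHARE} found in ${WorkDir}; nothing to promote."
        return
    }

    # -LiteralPath: the file name is data, not a wildcard pattern.
    Rename-Item -LiteralPath $Current.FullName -NewName "Baseline_${COMPUTER}-${SHARE}_${Date}.acl"
}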
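# ---------------------------------------------------------------------------
# Entry point.
#
# First run for a share: record a baseline and stop.
# Later runs: snapshot the share, diff against the latest baseline, promote
# the snapshot to be the new baseline, then thin out old report files.
# ---------------------------------------------------------------------------

# The working directory is not created anywhere else; without it the listing
# below errors out and the report files have nowhere to go.
if (-not (Test-Path -LiteralPath $WorkDir -PathType Container)) {
    New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
}

# Escape the configured names and anchor the pattern so the check matches
# baselines of exactly this computer/share. Unescaped, a "$" or "." in a share
# name changes the regex, and a share with a longer name sharing the same
# prefix would count as "baseline already exists".
$BaselinePattern = '^Baseline_' + [regex]::Escape("${COMPUTER}-${SHARE}") + '_\d{14}\.acl$'
$ExistingBaselines = @(Get-ChildItem -Path $WorkDir | Where-Object { $_.Name -match $BaselinePattern })

# If there's no baseline, create one, then stop
if ($ExistingBaselines.Count -eq 0) {
    createBaselineReport $COMPUTER $SHARE
    exit 0
}
else {
    createCurrentReport $COMPUTER $SHARE
    compareBaselineToCurrent
    # After comparing Current to Baseline, the current snapshot becomes the
    # next baseline. A permission change therefore shows up in exactly one
    # diff report; later runs treat it as expected state.
    pruneCurrentReports
    # Delete old reports
    pruneBaselineReports
}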