
Help with a PS script.


Hey Powershell.com

I need some help from you guys with a PS script I'm writing.

The intended purpose of the script is to run checks on ACLs on folders in our filesystem (some 200k folders).

The folder structure is pretty much as follows \\Storage\$group\public or \\Storage\$group\privat.

 

What I want the script to do is to first run a check on all the folders named public, then all folders named private, and compare permissions with a preset parameter of ACLs.

To clarify, I don't want the script to set any ACLs, only get and compare.

Here's the script so far:

    $Path = "\\SV-WINFS-01\e$\Storage\Data\Group"
    $Domain = (Get-ADDomain).NetBIOSName
    $Log = "$(Split-Path $MyInvocation.MyCommand.Path)\Permissions-$(Get-Date -format 'MMddyy-hhmm').csv"
    Add-Content -Value "$(Get-Date): Processing folder: $Path" -Path $Log
    $Dirs = Get-ChildItem -Path "$Path\*" | Where { $_.PSisContainer }
    $UserError = @()
    ForEach ($Dir in $Dirs)
    {    $Group = Split-Path $Dir.Fullname -Leaf
        [Switch]$ShowCorrect
        $PublicPerm = New-Object System.Security.AccessControl.DirectorySecurity
        $Rule_Admin = New-Object Security.AccessControl.FileSystemAccessRule("NGM.Internal\Administrator",@("FullControl"),"ContainerInherit, ObjectInherit","None","Allow")
        $Rule_DAdmin = New-Object Security.AccessControl.FileSystemAccessRule("NGM.Internal\Domain Admins",@("FullControl"),"ContainerInherit, ObjectInherit","None","Allow")
        $Rule_Everyone = New-Object Security.AccessControl.FileSystemAccessRule("Everyone",@("FullControl"),"ContainerInherit, ObjectInherit","None","Allow")
        $Rule_System = New-Object Security.AccessControl.FileSystemAccessRule("NT AUTHORITY\SYSTEM",@("FullControl"),"ContainerInherit, ObjectInherit","None","Allow")
        $Rule_Grp = New-Object Security.AccessControl.FileSystemAccessRule("$Domain\$Group",@("FullControl"),"ContainerInherit, ObjectInherit","None","Allow")
        $PublicPerm.AddAccessRule($Rule_Admin)
        $PublicPerm.AddAccessRule($Rule_DAdmin)
        $PublicPerm.AddAccessRule($Rule_Everyone)
        $PublicPerm.AddAccessRule($Rule_System)
        $PublicPerm.AddAccessRule($Rule_Grp)

        Try
        {
            $Test = Get-ADGroup $Group -ErrorAction Stop
            $PublicACL = Get-Acl -Path "$($Dir)\public" -ErrorAction Stop | ForEach-Object { $_.Access }
            if ((Compare-Object $($PublicACL.access) $($PublicPerm.access) -property FileSystemRights,IdentityReference,InheritanceFlags,PropagationFlags).count -gt 0) {
                Add-Content -Value "$(Get-Date): INCORRECT permissions for $($Group)\Public : $($PublicACL)" -Path $Log
            }
            else {
                if ($ShowCorrect.IsPresent){write-host "$PATH is correct"}
                return $true
            }
        }
        Catch
        {    Add-Content -Value "$(Get-Date): Unable to process $($Dir.Fullname) because $($Error[0])" -Path $Log
        }
    }
    Add-Content -Value "$(Get-Date): Script completed" -Path $Log

This isn't the completed script, just something I put together to test my theory of how to do it.

However, when I run this I get a CSV file containing tons of instances of the following:

"06/03/2014 12:24:48: Unable to process \\SV-WINFS-01\e$\Storage\Data\Group\XXX because Cannot bind argument to parameter 'ReferenceObject' because it is null."

Either I'm currently scripting blind or I'm not thinking straight, because I can't find the error... :/

Anyone?
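
Added example, not part of the original post: a read-only baseline comparison for the audit described above. It keeps the `Get-Acl` security object intact and compares SID-normalised rule strings, so `$null` never reaches the `ReferenceObject` parameter of `Compare-Object`. The function names `Get-RuleKey` and `Compare-FolderAcl`, the output column names and the temp-folder demo are assumptions made for illustration.

```powershell
# Added example (not the poster's script). Function names are hypothetical.
function Get-RuleKey {
    param([System.Security.AccessControl.FileSystemSecurity]$Security)
    # Ask .NET for SIDs so DNS-style and NetBIOS-style account names compare equal.
    $sid = [System.Security.Principal.SecurityIdentifier]
    foreach ($r in $Security.GetAccessRules($true, $true, $sid)) {
        '{0}|{1}|{2}|{3}|{4}' -f $r.IdentityReference.Value, $r.FileSystemRights,
            $r.InheritanceFlags, $r.PropagationFlags, $r.AccessControlType
    }
}

function Compare-FolderAcl {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string[]]$FullControlIdentity
    )
    # Expected baseline is built in memory only; nothing is written to the folder.
    $expected = New-Object System.Security.AccessControl.DirectorySecurity
    foreach ($id in $FullControlIdentity) {
        $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule `
            -ArgumentList $id, 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow'
        $expected.AddAccessRule($rule)
    }
    # Keep the whole security object; do not pipe it down to .Access first.
    $actual = Get-Acl -Path $Path -ErrorAction Stop
    # @() guarantees an array (possibly empty), never $null, for Compare-Object.
    $want = @(Get-RuleKey $expected)
    $have = @(Get-RuleKey $actual)
    Compare-Object -ReferenceObject $want -DifferenceObject $have |
        Select-Object @{ n = 'Path'; e = { $Path } },
                      @{ n = 'Rule'; e = { $_.InputObject } },
                      @{ n = 'Finding'; e = {
                          if ($_.SideIndicator -eq '<=') { 'MissingOnDisk' } else { 'UnexpectedOnDisk' } } }
}

# Constructed demo: a local temp folder stands in for \\Storage\$group\public.
$demo = Join-Path $env:TEMP 'acl-demo\public'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$baseline = 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', 'Everyone'
Compare-FolderAcl -Path $demo -FullControlIdentity $baseline | Format-Table -AutoSize
```

An empty result means the folder matches the baseline exactly. The returned objects can be piped to `Export-Csv` instead of `Format-Table` to build the report.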

 

