Greetings,
Hello to all, this is my first post here, and I was trying to get some output for an application team concerning NTFS permissions on shares. I understand how to get output utilizing the Win32_Share WMI Namespace, but their requirements take me into using Win32_LogicalFileSecuritySetting as well when trying to meet their requirements. Their requested output is below (sorry if the spacing gets all chopped):
<#
\\ServerName\C$\Windows
Type   Account                      Permissions     Apply To                           Permissions Detailed
-----  ---------------------------  --------------  ---------------------------------  -----------------------------------------------------
Allow  ServerName\Administrators    [RWXD--]        This folder only                   Tr/Ex,Lf/Rd,Ra,Rea,Cfi/Wd,Cfo/Ad,Wa,Wea,D,Rp,S
Allow  ServerName\Administrators    [Full Control]  Subfolders and files only          Tr/Ex,Lf/Rd,Ra,Rea,Cfi/Wd,Cfo/Ad,Wa,Wea,Dc,D,Rp,P,O,S
Allow  ServerName\Users             [R-X---]        This folder, subfolders and files  Tr/Ex,Lf/Rd,Ra,Rea,Rp,S
Allow  CREATOR OWNER                [Full Control]  Subfolders and files only          Tr/Ex,Lf/Rd,Ra,Rea,Cfi/Wd,Cfo/Ad,Wa,Wea,Dc,D,Rp,P,O,S
Allow  NT SERVICE\TrustedInstaller  [Full Control]  This folder and subfolders         Tr/Ex,Lf/Rd,Ra,Rea,Cfi/Wd,Cfo/Ad,Wa,Wea,Dc,D,Rp,P,O,S
Allow  SYSTEM                       [RWXD--]        This folder only                   Tr/Ex,Lf/Rd,Ra,Rea,Cfi/Wd,Cfo/Ad,Wa,Wea,D,Rp,S
Allow  SYSTEM                       [Full Control]  Subfolders and files only          Tr/Ex,Lf/Rd,Ra,Rea,Cfi/Wd,Cfo/Ad,Wa,Wea,Dc,D,Rp,P,O,S
#>
Getting the server name and specific path I can get. I also can get the "Type" by checking the security descriptor shown below in my script so far.
[CmdletBinding()]
Param(
    [Parameter(Mandatory=$True,Position=1)]
    [string]$ServersFile
)
Process {
    # Returns one object per DACL entry on $path (on computer $comp) whose mask casts to FileSystemRights.
    Function Get-NtfsRights($name,$path,$comp)
    {
        # A WQL string literal needs only backslashes and single quotes escaped.
        # [regex]::Escape also escapes spaces, dots and parentheses, which is not WQL escaping.
        $path = $path.Replace('\','\\').Replace("'","\'")
        $share = "\\$comp\$name"
        $wmi = gwmi Win32_LogicalFileSecuritySetting -filter "path='$path'" -ComputerName $comp
        # Nothing to report if the path could not be found on the remote machine.
        if (!($wmi)) { return }
        $wmi.GetSecurityDescriptor().Descriptor.DACL | where {$_.AccessMask -as [Security.AccessControl.FileSystemRights]} | select `
            @{name="Principal";Expression={"{0}\{1}" -f $_.Trustee.Domain,$_.Trustee.name}},
            @{name="Rights";Expression={[Security.AccessControl.FileSystemRights] $_.AccessMask }},
            @{name="AceFlags";Expression={[Security.AccessControl.AceFlags] $_.AceFlags }},
            @{name="AceType";Expression={[Security.AccessControl.AceType] $_.AceType }},
            @{name="ShareName";Expression={$share}}
    }

    Clear-Host
    $serversfilename = (get-item $serversfile).name
    $myDir = Split-Path -Parent $MyInvocation.MyCommand.Path
    $Outfile = $myDir + "\outfile.csv"

    # One server name per line in $ServersFile.
    Get-Content $ServersFile | foreach {
        $server = $_
        $FullDomain = (Get-WmiObject -class Win32_ComputerSystem -ComputerName $Server).domain
        $Domain = $FullDomain.Split(".")[0]
        get-WmiObject -class Win32_Share -computer $server | foreach {
            $Share = $_
            $ShareName = $Share.name
            # Reset for every share so one hidden share does not mark all later shares as hidden.
            $hidden = "No"
            if ($ShareName.endswith("$")) {$Hidden = "Yes"}
            $path = $Share.path
            # Shares such as IPC$ have no file system path, so there is no NTFS ACL to read.
            if (!($path)) {$path = "[N/A]"}
            else {
                Get-NtfsRights $ShareName $Path $Server
            }
        }
    }
}
I have other requirements to see if it is hidden and the path etc. Those I can get. For the output above, I know I'll have to set up another mask or case loop for different variables, or something. Any help with some output on this, guys? Thanks so much for any time you may have to help.
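
Added example (not part of the original post): one way to turn each ACE's AceFlags and AccessMask into the "Apply To" and "Permissions Detailed" columns requested above. The function name Convert-AceToColumns and the reading of the abbreviations (Tr/Ex = traverse/execute, Lf/Rd = list folder/read data, and so on) are assumptions; the bit values are the standard Windows file access rights, and generic rights are expanded to their file-specific equivalents before decoding.

```powershell
# Added example: decode one Win32_ACE into the "Apply To" and "Permissions Detailed" columns.
# Inheritance bits of AceFlags: OI = 1, CI = 2, IO = 8 (NP = 4 and Inherited = 16 are masked off).
$ApplyTo = @{
    0  = 'This folder only'
    3  = 'This folder, subfolders and files'
    2  = 'This folder and subfolders'
    1  = 'This folder and files'
    11 = 'Subfolders and files only'
    10 = 'Subfolders only'
    9  = 'Files only'
}
# Specific file rights, in the order the requested output lists them (abbreviation meanings assumed).
$RightBits = [ordered]@{
    'Tr/Ex' = 0x20;  'Lf/Rd' = 0x1;  'Ra' = 0x80;     'Rea' = 0x8
    'Cfi/Wd' = 0x2;  'Cfo/Ad' = 0x4; 'Wa' = 0x100;    'Wea' = 0x10
    'Dc' = 0x40;     'D' = 0x10000;  'Rp' = 0x20000;  'P' = 0x40000
    'O' = 0x80000;   'S' = 0x100000
}
# Generic rights and the file-specific masks they stand for (decimal keys avoid negative hex literals).
$GenericMap = @{
    2147483648 = 0x120089   # GENERIC_READ    -> FILE_GENERIC_READ
    1073741824 = 0x120116   # GENERIC_WRITE   -> FILE_GENERIC_WRITE
    536870912  = 0x1200A0   # GENERIC_EXECUTE -> FILE_GENERIC_EXECUTE
    268435456  = 0x1F01FF   # GENERIC_ALL     -> FILE_ALL_ACCESS
}

function Convert-AceToColumns {
    param([long]$AccessMask, [int]$AceFlags)
    # Expand any generic bits so the specific-right test below sees them.
    foreach ($g in $GenericMap.GetEnumerator()) {
        if ($AccessMask -band $g.Key) { $AccessMask = $AccessMask -bor $g.Value }
    }
    $detail = foreach ($r in $RightBits.GetEnumerator()) {
        if ($AccessMask -band $r.Value) { $r.Key }
    }
    # Keep only OI/CI/IO; cast to [int] so the key type matches the hashtable keys.
    $key = [int]($AceFlags -band 11)
    $scope = $ApplyTo[$key]
    if (-not $scope) { $scope = "Unmapped inheritance flags ($key)" }
    New-Object PSObject -Property @{ ApplyTo = $scope; Detailed = ($detail -join ',') }
}

# Constructed sample ACEs (mask, flags) chosen to match rows of the requested output.
Convert-AceToColumns -AccessMask 0x1301BF  -AceFlags 0    # Modify, no inheritance
Convert-AceToColumns -AccessMask 268435456 -AceFlags 11   # GENERIC_ALL, CI+OI+IO
Convert-AceToColumns -AccessMask 0x1200A9  -AceFlags 3    # ReadAndExecute, CI+OI
```

To use it with the script above, call it once per DACL entry with that entry's AccessMask and AceFlags and add the two returned properties to the selected output.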