I have scripted If have scripted ListUserGroupPerms.bat to show all the permissions for all 'users on a drive, or folder tree.
The syntax for using ListUserGroupPerms.bat is:
ListUserGroupPerms "Drive:\Folder" "ReportFile" \[/F\]
Where "Drive:\Folder" is the path to start with, such as C: or "C:\Documents and Settings", ReportFile is the name a CSV that will contain:
"User or Group","File System Object","Sequence","Permission",
and /F is an optional switch to report on folders only.
NOTE: The ReportFile is sorted by "User or Group", "File System Object", "Sequence", and "Permission".
NOTE: "Permission" is displayed using the output of the CACLS command.
NOTE: "Sequence" is only present so that special access permissions are displayed in the proper order.
ListUserGroupPerms.bat contains:
@echo off
setlocal
IF \{%1\}\{\} GOTO bad
IF NOT EXIST %1 GOTO bad
IF \{%2\}
\{\} goto bad
set pf=%1
set pf=%pf:"=%#
set pf=%pf:\#=%
set pf="%pf:#=%"
set report=%2
if exist %report% del /q %report%
if exist "%TEMP%\ListUserGroupPerms.tmp" del /q "%TEMP%\ListUserGroupPerms.tmp"
set obj=%pf:"=%
set fld= /s
set fldh= /s /ah
set flds= /s /as
if /i \{%3\}==\{/f\} set fld=/s /ad &set fldh=/s /adh &set flds=/s /ads
call :parse
for /f "Tokens=*" %%O in ('dir /b%fld%%pf%') do set obj=%%O&call :parse
for /f "Tokens=*" %%O in ('dir /b%fldh%%pf%') do set obj=%%O&call :parse
for /f "Tokens=*" %%O in ('dir /b%flds%%pf%') do set obj=%%O&call :parse
sort "%TEMP%\ListUserGroupPerms.tmp" /O %report%
del /q "%TEMP%\ListUserGroupPerms.tmp"
endlocal
GOTO :EOF
:parse
call set remove=%obj:&= %
call set remove=%remove:(=\{%
call set remove=%remove:)=\}%
set l1=Y
set /a seq=10000
for /f "Tokens=*" %%f in ('cacls "%obj%"^|Findstr /v /c:">"%TEMP%\ListUserGroupPerms.tmp"
set /a seq=%seq% + 1
goto :EOF
:bad
@echo Usage: ListUserGroupPerms "Drive:\Folder" "ReportFile" \[/F\]
@echo.
endlocal
