JSI Tip 8139. How can I report folders that contain specified permissions on a drive?


Using the built-in CACLS command, I have scripted FindPerms.bat to report the folders on a drive that contain the permissions you specify.

If you wanted to report on all the folders on drive C: that grant Full Control to the Everyone and BUILTIN\Users groups, the output might look something like this (on someone else's computer):

"SomeOnesComputer","C:","BUILTIN\Users","F"
"SomeOnesComputer","C:","Everyone","F"
"SomeOnesComputer","C:\Documents and Settings","BUILTIN\Users","F"
"SomeOnesComputer","C:\Documents and Settings","Everyone","F"

The syntax for using FindPerms.bat is:

FindPerms Drive ReportFile Perm1 [Perm2 ... PermN]

Where:

Drive       is the drive letter that contains the folders.
ReportFile  is the file that will contain the output report.
PermX       is the permission you are looking for, using the Account:Permission syntax,
            per the following. If cacls C: displays:

C:\ BUILTIN\Administrators:F
    BUILTIN\Administrators:(OI)(CI)(IO)F
    NT AUTHORITY\SYSTEM:F
    NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(special access:)
                                    STANDARD_RIGHTS_ALL
                                    DELETE
                                    READ_CONTROL
                                    WRITE_DAC
                                    . . .
                                    FILE_READ_ATTRIBUTES
                                    FILE_WRITE_ATTRIBUTES

    BUILTIN\Users:F
    BUILTIN\Users:(OI)(CI)(IO)(special access:)
                              GENERIC_READ
                              GENERIC_EXECUTE

    BUILTIN\Users:(CI)(special access:)
                      FILE_APPEND_DATA

    BUILTIN\Users:(CI)(IO)(special access:)
                          FILE_WRITE_DATA

    Everyone:F

and you wanted to report on all C: folders that contained:

BUILTIN\Users       Full Control
Everyone            Full Control
BUILTIN\Users       FILE_WRITE_DATA

Then:

FindPerms C: ReportFile.txt BUILTIN\Users:F Everyone:F BUILTIN\Users:FILE_WRITE_DATA

or

FindPerms C ReportFile.txt "BUILTIN\Users:F" "Everyone:F" "BUILTIN\Users:FILE_WRITE_DATA"

NOTE: FindPerms can run for a long time, depending on the number of folders and the number of ACLs per folder.

FindPerms.bat contains:

@echo off
if {%3}=={} @echo FindPerms Drive ReportFile Perm1 [Perm2 ... PermN]&goto :EOF
setlocal
set work=%1
set work=%work:"=%
set drv=%work:~0,1%:
set obj=%drv%
if exist "%TEMP%\FindPerms.tmp" del /q "%TEMP%\FindPerms.tmp"
if exist "%TEMP%\FindPermsp.tmp" del /q "%TEMP%\FindPermsp.tmp"
set out=%2
if exist %out% del /q %out%
:loop
if {%3}=={} goto fnd
set perm=%3
shift
set perm=%perm:"=%
call set perm=%perm:(={%
call set perm=%perm:)=}%
for /f "Tokens=1* Delims=:" %%p in ('@echo %perm%') do (
 set usr="%%p"
 set acc="%%q"
)
@echo %usr%,%acc%>>"%TEMP%\FindPerms.tmp"
set acc=%acc:"=%
set wrk=%acc%#
if "%wrk:~1,1%" EQU "#" set acc=:%acc%
@echo %acc%>>"%TEMP%\FindPermsp.tmp"
goto loop
:fnd
call :parse
for /f "Tokens=*" %%O in ('dir %drv% /b /s /a /ad') do set obj=%%O&call :parse
del /q "%TEMP%\FindPerms.tmp"
del /q "%TEMP%\FindPermsp.tmp"
endlocal
goto :EOF
:parse
call set remove=%obj:&= %
call set remove=%remove:(={%
call set remove=%remove:)=}%
set l1=Y
for /f "Tokens=*" %%f in ('cacls "%obj%"^|Findstr /v /c:">%out% )
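
Matching Account:Permission specifications against a cacls listing, as an added Python example that is not part of FindPerms.bat. It parses the cacls C: output shown above (abridged) and goes beyond the page by comparing names case-insensitively and optionally skipping inherit-only (IO) entries, which apply to child objects rather than the folder itself; parse_cacls, find_perms and skip_inherit_only are names assumed here.

```python
import re
# cacls listing for C:\ from this page, abridged; the ". . ." elision is kept as-is.
SAMPLE = r"""C:\ BUILTIN\Administrators:F
    BUILTIN\Administrators:(OI)(CI)(IO)F
    NT AUTHORITY\SYSTEM:F
    NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(special access:)
                                    STANDARD_RIGHTS_ALL
                                    . . .
                                    FILE_WRITE_ATTRIBUTES

    BUILTIN\Users:F
    BUILTIN\Users:(OI)(CI)(IO)(special access:)
                              GENERIC_READ
                              GENERIC_EXECUTE
    BUILTIN\Users:(CI)(special access:)
                      FILE_APPEND_DATA
    BUILTIN\Users:(CI)(IO)(special access:)
                          FILE_WRITE_DATA
    Everyone:F
"""

ACE = re.compile(r"^([^:]+):((?:\([A-Z]+\))*)(.*)$")   # account:(flags)permission
RIGHT = re.compile(r"^[A-Z_]+$")                       # one named special right

def parse_cacls(folder, text):
    """Yield (account, flags, permission) for each ACE in one cacls listing."""
    if text.startswith(folder):
        text = text[len(folder):]          # first ACE shares a line with the path
    acct = flags = None
    for line in map(str.strip, text.splitlines()):
        m = ACE.match(line)
        if m:
            acct, flags, perm = m.groups()
            if perm and not perm.startswith("(special access"):
                yield acct, flags, perm    # simple right such as F
        elif acct and RIGHT.match(line):
            yield acct, flags, line        # right listed under "special access:"

def find_perms(host, folder, text, wanted, skip_inherit_only=False):
    """Return report rows (host, folder, account, permission) for wanted specs."""
    specs = {tuple(w.lower().split(":", 1)) for w in wanted}
    rows = []
    for acct, flags, perm in parse_cacls(folder, text):
        if skip_inherit_only and "(IO)" in flags:
            continue                       # ACE is only passed on to children
        if (acct.lower(), perm.lower()) in specs:
            rows.append((host, folder.rstrip("\\"), acct, perm))
    return rows
```

With skip_inherit_only=True the BUILTIN\Users FILE_WRITE_DATA entry drops out of the report, because in the listing above it appears only on a (CI)(IO) ACE.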


