I have scripted FindACL.bat to generate a comma separated value file that reports folders and files that have permissions
for the users and groups that you specify.
FindACL.bat uses the built-in CACLS command, which displays users and groups in a format like:
BUILTIN\Administrators NT AUTHORITY\SYSTEM <DomainName>\USERorGROUP Everyone <ComputerName>\USERorGROUPThe syntax for using FindACL.bat is:
FindACL Drive ReportFile UsrGrp1 \[UsrGrp2 ... UserGrpN\]
where:
Drive is the Drive Letter or folder path that contains the sub-folders and files. ReportFile is the file that will contain the output report. UsrGrpX is the users and/or groups you are looking for.The format of the ReportFile file is:
"Fully Qualified Folder of File Name","User or Group"
NOTE: FindACL runs a long time, based upon the number of folders and files, and ACEs per file system object.
FindACL.bat contains:
@echo off if \{%3\}\{\} @echo FindACL Drive ReportFile UsrGrp1 \[UsrGrp2 ... UsrGrpN\]&goto :EOF setlocal set work=%1 set work=%work:"=%# set drv=%work:\#=% set drv=%drv:#=% set obj=%drv% if exist "%TEMP%\FindACL.tmp" del /q "%TEMP%\FindACL.tmp" set out=%2 if exist %out% del /q %out% :loop if \{%3\}
\{\} goto fnd set ACL=%3 shift set ACL=%ACL:"=% @echo %ACL%>>"%TEMP%\FindACL.tmp" goto loop :fnd call :parse for /f "Tokens=*" %%O in ('dir %drv% /b /s /a') do set obj=%%O&call :parse del /q "%TEMP%\FindACL.tmp" endlocal goto :EOF :parse call set remove=%obj:&= % set /a cnt = 0 call echo.%%remove%%>%TEMP%\$VarLen$.tmp for %%n in (%TEMP%\$VarLen$.tmp) do set /a cnt = %%~zn - 2 set /a cnt=%cnt% + 1 for /f "Tokens=*" %%f in ('cacls "%obj%"^|Findstr /i /l /g:"%TEMP%\FindACL.tmp"') do ( set line=%%f call :strip ) goto :EOF :strip if "%line%" EQU "" goto :EOF call set line=%line:&= % call set line=%line:(=\{% call set line=%line:)=\}% call set line=%line:\ = % call set work=%line:not found=% if "%work%" NEQ "%line%" goto :EOF if "%line:~1,1%" EQU ":" call set line=%%line:~%cnt%%% for /f "Tokens=1* Delims=:" %%a in ('@echo %line%') do ( set line=%%a ) @echo "%remove%","%line%">>%out%
1 comment
Hide comments