Skip navigation
Menu
Compute Engines

JSI Tip 8545. How can I generate a report of folders and files that have specific user or group permissions set?


I have scripted FindACL.bat to generate a comma separated value file that reports folders and files that have permissions for the users and groups that you specify.

FindACL.bat uses the built-in CACLS command, which displays users and groups in a format like:

BUILTIN\Administrators
NT AUTHORITY\SYSTEM
<DomainName>\USERorGROUP
Everyone
<ComputerName>\USERorGROUP
The syntax for using FindACL.bat is:

FindACL Drive ReportFile UsrGrp1 \[UsrGrp2 ... UserGrpN\]

where:

Drive       is the Drive Letter or folder path that contains the sub-folders and files.
ReportFile  is the file that will contain the output report.
UsrGrpX     is the users and/or groups you are looking for.
The format of the ReportFile file is:

"Fully Qualified Folder of File Name","User or Group"

NOTE: FindACL runs a long time, based upon the number of folders and files, and ACEs per file system object.

FindACL.bat contains:

@echo off
if \{%3\}
\{\} @echo FindACL Drive ReportFile UsrGrp1 \[UsrGrp2 ... UsrGrpN\]&goto :EOF
setlocal
set work=%1
set work=%work:"=%#
set drv=%work:\#=%
set drv=%drv:#=%
set obj=%drv%
if exist "%TEMP%\FindACL.tmp" del /q "%TEMP%\FindACL.tmp"
set out=%2
if exist %out% del /q %out%
:loop
if \{%3\}
\{\} goto fnd
set ACL=%3
shift
set ACL=%ACL:"=%
@echo %ACL%>>"%TEMP%\FindACL.tmp"
goto loop
:fnd
call :parse
for /f "Tokens=*" %%O in ('dir %drv% /b /s /a') do  set obj=%%O&call :parse
del /q "%TEMP%\FindACL.tmp" 
endlocal
goto :EOF
:parse
call set remove=%obj:&= %
set /a cnt = 0
call echo.%%remove%%>%TEMP%\$VarLen$.tmp
for %%n in (%TEMP%\$VarLen$.tmp) do set /a cnt = %%~zn - 2
set /a cnt=%cnt% + 1
for /f "Tokens=*" %%f in ('cacls "%obj%"^|Findstr /i /l /g:"%TEMP%\FindACL.tmp"') do (
 set line=%%f
 call :strip
)
goto :EOF
:strip
if "%line%" EQU "" goto :EOF
call set line=%line:&= %
call set line=%line:(=\{%
call set line=%line:)=\}%
call set line=%line:\ = %
call set work=%line:not found=%
if "%work%" NEQ "%line%" goto :EOF
if "%line:~1,1%" EQU ":" call set line=%%line:~%cnt%%%
for /f "Tokens=1* Delims=:" %%a in ('@echo %line%') do (
 set line=%%a
 )
@echo "%remove%","%line%">>%out%



Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
empty cockpit of autonomous car
What Is a Real-Time Operating System, and Who Needs One?
Mar 05, 2024
ERP button on keyboard
5 ERP Trends to Watch in 2024
Jan 17, 2024
automation key on keyboard
Storage Management as a Case Study for Network Automation Adoption
Dec 21, 2023
Abstract technology concept lighting effect on dark blue background
Top 10 Stories About Compute Engines, Linux in 2023
Dec 18, 2023