Skip navigation
Menu
Compute Engines

JSI Tip 10425. How can I determine if there are any old SIDs in my ACLs?


Using SubInAcl.exe, I have scripted SDDL.BAT to determine if your ACLs are only made up of migrated SIDs, so you can delete all the SID-history.

The syntax for using SDDL.BAT is:

SDDL Drive: SID FileName

Where:

Drive:   is the drive letter you wish to inspect, like C:.

SID      is the old SID string you wish to test.

FileName is the name of the file that will contain file system objects that still have the old SID.
SDDL.BAT contains: 
@echo off
If \{%3\}==\{\} @echo Syntax: sddl Drive: SID FileName&goto :EOF
setlocal
set drv=%1
set sid=%2
set FileName=%3
set uni="%TEMP%\sddl_unicode_%RANDOM%.tmp"
set txt="%TEMP%\sddl_txt_%RANDOM%.tmp"
SubInAcl /outputlog=%uni% /nostatistic /subdirectories %drv% /display=sddl
:: Convert from unicode
Type %uni%>%txt%
if exist "%TEMP%\sddl.vbs" goto doit
@echo.dim fso, readfile, contents, objArguments>"%TEMP%\sddl.vbs"
@echo.dim FullFileName, object, work>>"%TEMP%\sddl.vbs"
@echo.dim OutFileName, writefile>>"%TEMP%\sddl.vbs"
@echo.Set objArguments = Wscript.Arguments>>"%TEMP%\sddl.vbs"
@echo.set fso = CreateObject("Scripting.FileSystemObject")>>"%TEMP%\sddl.vbs"
@echo.FullFileName=objArguments(0)>>"%TEMP%\sddl.vbs"
@echo.OutFileName=objArguments(1)>>"%TEMP%\sddl.vbs"
@echo.sid=objArguments(2)>>"%TEMP%\sddl.vbs"
@echo.set readfile = fso.OpenTextFile(FullFileName, 1, false)>>"%TEMP%\sddl.vbs"
@echo.set writefile = fso.CreateTextFile(OutFileName, 2)>>"%TEMP%\sddl.vbs"
@echo.Do until readfile.AtEndOfStream = True>>"%TEMP%\sddl.vbs"
@echo.     contents = readfile.ReadLine>>"%TEMP%\sddl.vbs"
@echo.     If InStr(contents, "+File") Then>>"%TEMP%\sddl.vbs"
@echo.	     work = contents>>"%TEMP%\sddl.vbs"
@echo.	     object = Replace(work, "+File ", "")>>"%TEMP%\sddl.vbs"
@echo.     End If>>"%TEMP%\sddl.vbs"
@echo.     if Instr(contents, sid) Then>>"%TEMP%\sddl.vbs"
@echo.       work=
" ^& object ^& 
">>"%TEMP%\sddl.vbs"
@echo.       writefile.writeLine work>>"%TEMP%\sddl.vbs"
@echo.     End If>>"%TEMP%\sddl.vbs"
@echo.loop>>"%TEMP%\sddl.vbs"
@echo.readfile.close>>"%TEMP%\sddl.vbs"
@echo.writefile.close>>"%TEMP%\sddl.vbs"
:doit
if exist %FileName% del /q %FileName%
cscript //nologo "%TEMP%\sddl.vbs" %txt% %FileName% %sid%
del /q %uni%
del /q %txt%
endlocal



Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
empty cockpit of autonomous car
What Is a Real-Time Operating System, and Who Needs One?
Mar 05, 2024
ERP button on keyboard
5 ERP Trends to Watch in 2024
Jan 17, 2024
automation key on keyboard
Storage Management as a Case Study for Network Automation Adoption
Dec 21, 2023
Abstract technology concept lighting effect on dark blue background
Top 10 Stories About Compute Engines, Linux in 2023
Dec 18, 2023