Re: Enum only files/folders where explicit NTFS rights have been s
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Fri, 22 Dec 2006 13:49:11 -0700
Hi Claude,
It sounds like your experience mirrors mine, that when one
can take advantage of the forms seen in a specific environment,
then this becomes tractable. Writing a generic for all situations
is likely so full of cases that that is why we do not have many
such tools about on the net.
Roger
"Claude Lachapelle" <ClaudeLachapelle@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:C60B0F6F-5F7B-4303-AB4A-6A899AEBD308@xxxxxxxxxxxxxxxx
You are right when you say "ACL had been touched by earlier generations
of NTFS"... check my message:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?&lang=en&cr=US&guid=&sloc=en-us&dg=microsoft.public.scripting.vbscript&p=1&tid=de5e8ff1-befc-4bb3-af27-9fb0113872c0&mid=3c4231fe-c936-474b-891f-a9a717e6dd06
Now, I'm looking for a way of identifying the "origin" of the
files/folders,
to add that to my VBScript...
I'm really near to finally have what I was looking for originally...
"Roger Abell [MVP]" wrote:
What I found is that the bit (inheritance requested, ace inherited, etc.
that give info as to origin of a specific ACE are in cases rather
difficult
to correctly interpret if the ACL had been touched by earlier generations
of NTFS) and that presenting the info in the way your request is
complicated
by fact that the inherited or not info is at the per ACE level but we
want
to
see the aggregate named grants (Modify, Full, etc.)
As I said, I am still looking for something that actually does do what
you
are after, and does it reliably in face of any history of the storage.
--
Roger Abell
Microsoft MVP (Windows Server : Security)
"Claude Lachapelle" <ClaudeLachapelle@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:7B738B78-6E97-4C31-9CD0-3363CA456C34@xxxxxxxxxxxxxxxx
Addendum
AccessEnum "differ from parent" feature is not so much evolved, since
it
is
only comparing effectives rights listing to the parent rights listing,
and
not what SHOULD inherit OR NOT (like for folders rights where "Apply
onto:
This folder and subfolers" where files are not inheriting from
parent --
which is a normal behavior, but all files are listed since different
from
parent).
I think I will submit this "problem" to SysInternals support...
"Claude Lachapelle" wrote:
Initially, I did not see the option "Display files with permissions
that
differ from parent" builtin into AccessEnum, thanks for the
suggestion,
whit
this flag on, it is now reporting what I need.
Thanks.
"Alun Jones" wrote:
"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:OoLsM%23HJHHA.1248@xxxxxxxxxxxxxxxxxxxxxxx
Hi Claude,
If you find such tool (reliable that is), let me know please.
I got to the point of trying to write one, mostly did, but soon
discovered that telling if or if not an ACE in an ACL is due
to inheritance is not simple, particularly if the storage has
a history tracing back into NT4.
Have you tried SysInternals' AccessEnum?
http://www.microsoft.com/technet/sysinternals/Security/AccessEnum.mspx
Alun.
~~~~
.
- References:
- Re: Enum only files/folders where explicit NTFS rights have been sette
- From: Roger Abell [MVP]
- Re: Enum only files/folders where explicit NTFS rights have been sette
- From: Alun Jones
- Re: Enum only files/folders where explicit NTFS rights have been s
- From: Roger Abell [MVP]
- Re: Enum only files/folders where explicit NTFS rights have been s
- From: Claude Lachapelle
- Re: Enum only files/folders where explicit NTFS rights have been sette
- Prev by Date: Re: Enable file auditing on many servers
- Next by Date: Re: Enable file auditing on many servers
- Previous by thread: Re: Enum only files/folders where explicit NTFS rights have been s
- Next by thread: Re: Enum only files/folders where explicit NTFS rights have been sette
- Index(es):
Relevant Pages
|
Loading
