Re: Tool/script to walk thru all folders/shares and identify non-i

"Jesper" <Jesper@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6211FC23-1E4C-4618-84A6-B96543D71C74@xxxxxxxxxxxxxxxx
Roger, have you tried icacls in Vista? It has a number of bugs in it, but
also shows some promise.


No I have not, at least that is not against what I find the most
problematic, which is storage that has been existing since NT 4
and so seen a few changes in ACE flag semantics.
That is a good idea to test it out though, so I will watch for
an opportunity.

Roger



"Roger Abell [MVP]" wrote:

I have yet to find any scriptable tool that can reliably do the detection
of inherited or not on storage that has had an arbitrary history.

See thread begun December 20, 2006 1:47 PM with subject
Enum only files/folders where explicit NTFS rights have been sette
in microsoft.public.security
for list of other tools that have been tried and found lacking

"rcebolleto" <rcun@xxxxxxxxxxxxxxx> wrote in message
news:Doznh.14993$Gw4.13992@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi guys

Looking for an easy to use tool (prferably one that is scriptable)
which
can walk through all folders, shares (and all directory objects, too -
a
guy can wish can't he?) so that I can rapidly discover those files with
an
unknown/broken SID or explicitly granted permissions whcih are always
buried 3 folders deep in SYSVOL or docs&sets/administrator/localsetting
s/foo, which were put there because the previous admin needed to do a
quick workaround or just plain didn't appreciate what a pain it would
be
for the next guy to figure out where all these goodies are stashed.

TreeSize Pro 4 sort of does this, but I don't know if it is scriptable,
and it just groups files by user (and lumps all nameless users under
one
big 'unknown' category) - it doesn't address the inheritance-explicit
permissions issue.

Any ideas are welcome

Rob





.

Relevant Pages

  • Re: Tool/script to walk thru all folders/shares and identify non-i
    ... unknown/broken SID or explicitly granted permissions whcih are ... and it just groups files by user (and lumps all nameless users under ...
    (microsoft.public.windows.server.security)
  • Re: Tool/script to walk thru all folders/shares and identify non-i
    ... icacls is quite promising. ... unknown/broken SID or explicitly granted permissions whcih are always ... and it just groups files by user (and lumps all nameless users under ...
    (microsoft.public.windows.server.security)
  • Re: Tool/script to walk thru all folders/shares and identify non-inherited permissions
    ... unknown/broken SID or explicitly granted permissions whcih are always ... and it just groups files by user (and lumps all nameless users under one ... big 'unknown' category) - it doesn't address the inheritance-explicit ...
    (microsoft.public.windows.server.security)
  • Tool/script to walk thru all folders/shares and identify non-inherited permissions
    ... Looking for an easy to use tool which can walk through all folders, shares so that I can rapidly discover those files with an unknown/broken SID or explicitly granted permissions whcih are always buried 3 folders deep in SYSVOL or docs&sets/administrator/localsetting s/foo, which were put there because the previous admin needed to do a quick workaround or just plain didn't appreciate what a pain it would be for the next guy to figure out where all these goodies are stashed. ... TreeSize Pro 4 sort of does this, but I don't know if it is scriptable, and it just groups files by user (and lumps all nameless users under one big 'unknown' category) - it doesn't address the inheritance-explicit permissions issue. ...
    (microsoft.public.windows.server.security)