Check out the script below. It's not the best-looking code (and perhaps there are newer ways of doing it), but it may serve as a starting point. It makes use of the ADsSecurity.dll from MS, which you will need to register on the machine running the script.
'author mrmovie
' Script-wide error mode: runtime errors are suppressed and execution continues
' with the next statement.
On Error Resume Next
' Option Explicit is left disabled here; if it is ever enabled it has to be the
' first statement of the script.
'Option Explicit

'========================================================================
' ADS_RIGHTS_ENUM - access-mask bits.
' The DS_* names describe directory-object rights; on FILE:// security
' descriptors the same low-order bits carry file-specific meanings.
' None of these are referenced by the procedures below; they are kept for
' decoding AccessMask values by hand.
'========================================================================
Const ADS_RIGHT_DELETE                 = &H10000
Const ADS_RIGHT_READ_CONTROL           = &H20000
Const ADS_RIGHT_WRITE_DAC              = &H40000
Const ADS_RIGHT_WRITE_OWNER            = &H80000
Const ADS_RIGHT_SYNCHRONIZE            = &H100000
Const ADS_RIGHT_ACCESS_SYSTEM_SECURITY = &H1000000
Const ADS_RIGHT_GENERIC_READ           = &H80000000
Const ADS_RIGHT_GENERIC_WRITE          = &H40000000
Const ADS_RIGHT_GENERIC_EXECUTE        = &H20000000
Const ADS_RIGHT_GENERIC_ALL            = &H10000000
Const ADS_RIGHT_DS_CREATE_CHILD        = &H1
Const ADS_RIGHT_DS_DELETE_CHILD        = &H2
Const ADS_RIGHT_ACTRL_DS_LIST          = &H4
Const ADS_RIGHT_DS_SELF                = &H8
Const ADS_RIGHT_DS_READ_PROP           = &H10
Const ADS_RIGHT_DS_WRITE_PROP          = &H20
Const ADS_RIGHT_DS_DELETE_TREE         = &H40
Const ADS_RIGHT_DS_LIST_OBJECT         = &H80
Const ADS_RIGHT_DS_CONTROL_ACCESS      = &H100

'========================================================================
' ADS_ACETYPE_ENUM - ACE type values (allow / deny / audit, plain and
' object-specific variants).
'========================================================================
Const ADS_ACETYPE_ACCESS_ALLOWED        = 0
Const ADS_ACETYPE_ACCESS_DENIED         = &H1
Const ADS_ACETYPE_SYSTEM_AUDIT          = &H2
Const ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = &H5
Const ADS_ACETYPE_ACCESS_DENIED_OBJECT  = &H6
Const ADS_ACETYPE_SYSTEM_AUDIT_OBJECT   = &H7

'========================================================================
' ACE flag constants (ADS_ACEFLAG_ENUM values under script-local F_ names).
' Bit 0x1 has no name in the ADSI ACE-flag enum, hence F_UNKNOWN; on
' file-system ACEs that bit is OBJECT_INHERIT_ACE and 0x2 is
' CONTAINER_INHERIT_ACE.
' F_INHERIT_FLAGS is a mask covering all five low bits, not a single flag.
'========================================================================
Const F_UNKNOWN                  = &H1
Const F_INHERIT_ACE              = &H2
Const F_NO_PROPAGATE_INHERIT_ACE = &H4
Const F_INHERIT_ONLY_ACE         = &H8
Const F_INHERITED_ACE            = &H10
Const F_INHERIT_FLAGS            = &H1F
Const F_SUCCESSFUL_ACCESS        = &H40
Const F_FAILED_ACCESS            = &H80
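' --- Script entry: create the helper objects, open the report, walk the tree ---
' Each setup step is checked explicitly. With errors suppressed, a missing
' ADsSecurity registration or an unreachable drive would otherwise leave an
' empty report that looks like "nothing to report".
'
' NOTE(review): the report lists trustees and their rights per folder and is
' written to the root of C:, overwriting any existing file (overwrite = True).
' Treat it as sensitive output and restrict who can read it.
On Error Resume Next
Dim logfile, fso, rootfolder, sec

Err.Clear
Set fso = CreateObject("scripting.filesystemobject")
If Err.Number <> 0 Then
    WScript.Echo "Cannot create Scripting.FileSystemObject: " & Err.Description
    WScript.Quit 1
End If

Set sec = CreateObject("ADsSecurity")
If Err.Number <> 0 Then
    ' Most likely cause per the script's own prerequisite: the DLL is not registered.
    WScript.Echo "Cannot create ADsSecurity (is ADsSecurity.dll registered?): " & Err.Description
    WScript.Quit 1
End If

Set logfile = fso.createtextfile("c:\permis01a.txt", True)
If Err.Number <> 0 Then
    WScript.Echo "Cannot create c:\permis01a.txt: " & Err.Description
    WScript.Quit 1
End If

' do a recursive check
Set rootfolder = fso.getfolder("h:\")
If Err.Number <> 0 Then
    WScript.Echo "Cannot open h:\: " & Err.Description
    logfile.Close
    WScript.Quit 1
End If

CheckDir rootfolder

' Flush and release the report explicitly once the walk is finished.
logfile.Close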
' Walks a folder tree depth-first.
' For the folder passed in: echoes its path, hands the path to GetSecurity,
' then calls itself for every entry in the folder's SubFolders collection.
'   AFolder - folder object exposing .Path and .SubFolders
' Runtime errors are suppressed for the whole procedure, and nothing here
' reports them, so a folder that cannot be read or enumerated leaves no trace
' in the output.
' NOTE(review): nothing here checks for junctions or other links before
' recursing - confirm the tree under the root contains no loops.
Sub CheckDir(ByVal AFolder)
    On Error Resume Next
    Dim children, child

    WScript.Echo AFolder.path
    GetSecurity(AFolder.path)
    'AuditFiles(AFolder)

    Set children = AFolder.SubFolders
    For Each child In children
        CheckDir(child)
    Next
End Sub
' Per-file variant of the audit: echoes the path of every file in the given
' folder and hands it to GetSecurity.
'   afolder - folder object exposing .Files
' The only call to this procedure visible in the script is commented out in
' CheckDir, so as written the audit covers folders only.
' Runtime errors are suppressed; unreadable files produce no message here.
Sub AuditFiles(afolder)
    On Error Resume Next
    Dim entry, entries

    Set entries = afolder.files
    For Each entry In entries
        WScript.Echo entry.path
        GetSecurity(entry.path)
    Next
End Sub
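' Reads the security descriptor of one file-system path and reports the
' access-allowed ACEs in its DACL.
'   areaname - full path; it is prefixed with "FILE://" for ADsSecurity.
' Console: trustee, access mask, flags and type for each allow ACE;
'          "No access" for every ACE of any other type.
' Log:     one line "path,trustee,rights" per allow ACE (format unchanged).
'
' Failure handling: if the descriptor or its DACL cannot be obtained, the
' path is echoed as an error and written to the log with "<ERROR>" in the
' trustee column. Without this, errors are swallowed and the path is simply
' absent from the report, which reads as "no entries" instead of "not checked".
'
' NOTE(review): ACEs whose type is not access-allowed (deny ACEs in
' particular) are not written to the log, so the report alone does not show
' effective access.
' NOTE(review): log fields are not quoted; a path or trustee containing a
' comma shifts the columns, and folder names are user-controlled text that
' ends up in a file likely to be opened in a spreadsheet.
Sub GetSecurity(areaname)
    On Error Resume Next
    Dim filesec, ace, dacl, failure

    failure = ""
    Err.Clear
    Set filesec = sec.GetSecuritydescriptor("FILE://" & areaname)
    If Err.Number <> 0 Then
        failure = "GetSecurityDescriptor failed: 0x" & Hex(Err.Number) & " " & Err.Description
    Else
        Set dacl = filesec.DiscretionaryAcl
        If Err.Number <> 0 Then
            failure = "DiscretionaryAcl failed: 0x" & Hex(Err.Number) & " " & Err.Description
        ElseIf dacl Is Nothing Then
            ' A missing DACL may mean unrestricted access - TODO confirm how
            ' ADsSecurity represents a NULL DACL.
            failure = "no DACL returned"
        End If
    End If

    If failure <> "" Then
        Err.Clear
        WScript.Echo "ERROR: " & areaname & " - " & failure
        ' Commas are replaced so the message stays in a single column.
        logfile.WriteLine(areaname & ",<ERROR>," & Replace(failure, ",", ";"))
        Exit Sub
    End If

    '-- Show the ACEs in the DACL ----
    For Each ace In dacl
        If ace.AceType = ADS_ACETYPE_ACCESS_ALLOWED Then
            WScript.Echo "Ace.Trustee: " & ace.Trustee
            WScript.Echo "Ace.AccessMask: " & ace.AccessMask & " - " & reportRights(ace.AccessMask)
            WScript.Echo "Ace.AceFlags: " & ace.AceFlags & " - " & reportFlags(ace.AceFlags)
            WScript.Echo "Ace.AceType: " & ace.AceType
            WScript.Echo vbCrLf
            logfile.WriteLine(areaname & "," & ace.Trustee & "," & reportRights(ace.AccessMask))
        Else
            WScript.Echo "No access"
        End If
    Next
End Sub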
' Maps a handful of exact access-mask values to short labels.
'   val - access mask as reported by an ACE
' Returns the label for the four known masks, otherwise val itself.
' Only exact matches are recognised; any other combination of bits comes back
' as the raw number.
' NOTE(review): 131241 (0x200A9) is the "READ" mask without the SYNCHRONIZE
' bit (0x100000). A mask by itself does not say whether an ACE allows or
' denies access - that is the ACE type - so the "DENY" label describes where
' this mask is usually seen, not what the ACE does. The label is kept as is.
Function reportRights(val)
    On Error Resume Next
    ' reports some simple known perms
    If val = 2032127 Then          ' 0x1F01FF
        reportRights = "FULL CONTROL"
    ElseIf val = 1245631 Then      ' 0x1301BF
        reportRights = "CHANGE"
    ElseIf val = 1179817 Then      ' 0x1200A9
        reportRights = "READ"
    ElseIf val = 131241 Then       ' 0x0200A9
        reportRights = "DENY"
    Else
        reportRights = val
    End If
End Function
' Renders an ACE flags value as a string of short tags, each followed by "|".
'   val - AceFlags value of an ACE
' Tags, in output order: U, IA1, IANP, IOA, IA2, IF, SA, FA - one per F_*
' constant tested below. Returns an unassigned (Empty) value when no bit
' matches.
' NOTE(review): F_INHERIT_FLAGS is the 0x1F mask, so "IF|" is emitted whenever
' any of the five low bits is set, not only when all of them are.
Function reportFlags(val)
    On Error Resume Next
    Dim s, bits, tags, idx

    ' Parallel tables: bits(i) is tested, tags(i) is appended on a match.
    bits = Array(F_UNKNOWN, F_INHERIT_ACE, F_NO_PROPAGATE_INHERIT_ACE, _
                 F_INHERIT_ONLY_ACE, F_INHERITED_ACE, F_INHERIT_FLAGS, _
                 F_SUCCESSFUL_ACCESS, F_FAILED_ACCESS)
    tags = Array("U|", "IA1|", "IANP|", "IOA|", "IA2|", "IF|", "SA|", "FA|")

    For idx = 0 To UBound(bits)
        If val And bits(idx) Then
            s = s & tags(idx)
        End If
    Next

    reportFlags = s
End Function