Script Solution for NTFS Permissions

[djtech2k]

I have to create a report of all files/directories within a certain directory structure on a server that Domain Admins DO NOT have access to.

I know some admins have removed Domain Admins locally from certain files/folders. I now need to report which files/folders a logged in domain admin cannot get to.

I have some vbscript and have thought about tools like subinacl or cacls, but I see nothing that will get me what I need. I have a vbscrip0t I can use to report everything and maybe I can tell it to only report ones that do not have Domain admin in the ACL, but I dont think that will account for Domain Admins being nested within another group. I think the ACL you get with vbscript is not the effective one.

Any ideas?

 

[TechyMcSe2k]

cacls *.* /T /C>c:\folder-fileperms.xls is a simple batch and can easily be sorted in Excel

 

[TechyMcSe2k]

xcacls may be more what you need

http://support.microsoft.com/kb/825751

 

[djtech2k]

Thanks. The cacls doesnt really tell me what I need and xcacls is kind of an issue because I need recursive searching, but because the OS is Windows 2000, I cannot use "LIKE" or wildcards in the WMI search.

 

[markdmac]

XCACLS will report on subs, you just need to use the /S and /T switches.

/S = Subdirectories
/T = Traverse

http://support.microsoft.com/kb/825751

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[Zelandakh]

Why don't you think it recurses?