lpenrod
asked on
Inheritable Permissions
Are there any tools such as Subinacl or SetACL that will show me the places in my file system that Inheritable Permissions has been disabled?
If so, what is the syntax?
If so, what is the syntax?
ASKER
I don't see where it shows that inheritance has been blocked.
I was thinking something a little different. It won't show you specifically if inheritance is broken but it will show you permissions that are different then the parent which is the result of inhertance being blocked.
It's not easy but if you click on Options and then select "Display files with permissions that differ from parent".
Brian
It's not easy but if you click on Options and then select "Display files with permissions that differ from parent".
Brian
You should be able to use the fileacl.exe utility. I'm working on syntax...
Hiya,
hust create a text file, edit it and copy the next script into, rename it to check.vbs and just double click on it. This checks if the inheritance check box has been cleared. Hope is handy.
Cheers
Pino
Computer = "."
Set objWMI = GetObject("winmgmts:" _
& "{impersonationLevel=imper sonate}!\\ " & Computer & "\root\cimv2")
Set Folders = objWMI.ExecQuery("Select * from Win32_Directory")
For Each Folder in Folders
Set objWMI = GetObject("winmgmts:")
Set FolderSecuritySettings = _
objWMI.Get("Win32_LogicalF ileSecurit ySetting=' " & Folder.Name & "'")
RetVal = FolderSecuritySettings.Get SecurityDe scriptor(S D)
ControlFlags = SD.ControlFlags
If ControlFlags AND 4 Then
If ControlFlags AND 4096 Then
WScript.Echo Folder.Name & " NOT INHERITS."
End If
End If
Next
hust create a text file, edit it and copy the next script into, rename it to check.vbs and just double click on it. This checks if the inheritance check box has been cleared. Hope is handy.
Cheers
Pino
Computer = "."
Set objWMI = GetObject("winmgmts:" _
& "{impersonationLevel=imper
Set Folders = objWMI.ExecQuery("Select * from Win32_Directory")
For Each Folder in Folders
Set objWMI = GetObject("winmgmts:")
Set FolderSecuritySettings = _
objWMI.Get("Win32_LogicalF
RetVal = FolderSecuritySettings.Get
ControlFlags = SD.ControlFlags
If ControlFlags AND 4 Then
If ControlFlags AND 4096 Then
WScript.Echo Folder.Name & " NOT INHERITS."
End If
End If
Next
Pretty nice script. How could you output it to a file though?
Brian
Brian
Just modify it in this way:
Computer = "."
Set objWMI = GetObject("winmgmts:" _
& "{impersonationLevel=imper sonate}!\\ " & Computer & "\root\cimv2")
Set Folders = objWMI.ExecQuery("Select * from Win32_Directory")
Set mFSO = CreateObject("Scripting.Fi leSystemOb ject")
Set mTextFile = mFSO.OpenTextFile("c:\resu lt.txt", 8, True)
For Each Folder in Folders
Set objWMI = GetObject("winmgmts:")
Set FolderSecuritySettings = _
objWMI.Get("Win32_LogicalF ileSecurit ySetting=' " & Folder.Name & "'")
RetVal = FolderSecuritySettings.Get SecurityDe scriptor(S D)
ControlFlags = SD.ControlFlags
If ControlFlags AND 4 Then
If ControlFlags AND 4096 Then
mTextFile.WriteLine(Folder .Name & " NOT INHERITS.")
End If
Next
mTextFile.Close
Computer = "."
Set objWMI = GetObject("winmgmts:" _
& "{impersonationLevel=imper
Set Folders = objWMI.ExecQuery("Select * from Win32_Directory")
Set mFSO = CreateObject("Scripting.Fi
Set mTextFile = mFSO.OpenTextFile("c:\resu
For Each Folder in Folders
Set objWMI = GetObject("winmgmts:")
Set FolderSecuritySettings = _
objWMI.Get("Win32_LogicalF
RetVal = FolderSecuritySettings.Get
ControlFlags = SD.ControlFlags
If ControlFlags AND 4 Then
If ControlFlags AND 4096 Then
mTextFile.WriteLine(Folder
End If
Next
mTextFile.Close
ASKER
I have tried the last script on several machines.
It runs for a while and then gives the error:
Windows Script Host
Script: C:\test.vbs
Line: 12
Char: 5
Error: Invalid object path
Code: 8004103A
Source: SWbemServicesEx
It runs for a while and then gives the error:
Windows Script Host
Script: C:\test.vbs
Line: 12
Char: 5
Error: Invalid object path
Code: 8004103A
Source: SWbemServicesEx
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
The great thing, it's free!!!
Brian