?
Solved

Inheritable Permissions

Posted on 2006-03-22
11
Medium Priority
?
646 Views
Last Modified: 2008-01-09
Are there any tools such as Subinacl or SetACL that will show me the places in my file system that Inheritable Permissions has been disabled?

If so, what is the syntax?
0
Comment
Question by:lpenrod
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 20

Expert Comment

by:mkbean
ID: 16261382
Take a look at SysInternal's AccessEnum for this - http://www.sysinternals.com/Utilities/AccessEnum.html

The great thing, it's free!!!

Brian
0
 
LVL 3

Author Comment

by:lpenrod
ID: 16262214
I don't see where it shows that inheritance has been blocked.
0
 
LVL 20

Expert Comment

by:mkbean
ID: 16262531
I was thinking something a little different.  It won't show you specifically if inheritance is broken but it will show you permissions that are different then the parent which is the result of inhertance being blocked.  

It's not easy but if you click on Options and then select "Display files with permissions that differ from parent".

Brian
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 9

Expert Comment

by:Jeff Beckham
ID: 16263386
You should be able to use the fileacl.exe utility.  I'm working on syntax...
0
 
LVL 7

Expert Comment

by:Giuseppe "Pino" De Francesco
ID: 16264033
Hiya,

hust create a text file, edit it and copy the next script into, rename it to check.vbs and just double click on it. This checks if the inheritance check box has been cleared. Hope is handy.

Cheers
Pino

Computer = "."
Set objWMI = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & Computer & "\root\cimv2")

Set Folders = objWMI.ExecQuery("Select * from Win32_Directory")

For Each Folder in Folders
    Set objWMI = GetObject("winmgmts:")
    Set FolderSecuritySettings = _
        objWMI.Get("Win32_LogicalFileSecuritySetting='" & Folder.Name & "'")
    RetVal = FolderSecuritySettings.GetSecurityDescriptor(SD)
    ControlFlags = SD.ControlFlags
    If ControlFlags AND 4 Then
        If ControlFlags AND 4096 Then
            WScript.Echo Folder.Name & " NOT INHERITS."
        End If
    End If
Next
0
 
LVL 20

Expert Comment

by:mkbean
ID: 16264129
Pretty nice script.  How could you output it to a file though?

Brian
0
 
LVL 7

Expert Comment

by:Giuseppe "Pino" De Francesco
ID: 16264300
Just modify it in this way:

Computer = "."
Set objWMI = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & Computer & "\root\cimv2")

Set Folders = objWMI.ExecQuery("Select * from Win32_Directory")

Set mFSO = CreateObject("Scripting.FileSystemObject")
Set mTextFile = mFSO.OpenTextFile("c:\result.txt", 8, True)

For Each Folder in Folders
    Set objWMI = GetObject("winmgmts:")
    Set FolderSecuritySettings = _
        objWMI.Get("Win32_LogicalFileSecuritySetting='" & Folder.Name & "'")
    RetVal = FolderSecuritySettings.GetSecurityDescriptor(SD)
    ControlFlags = SD.ControlFlags
    If ControlFlags AND 4 Then
        If ControlFlags AND 4096 Then
            mTextFile.WriteLine(Folder.Name & " NOT INHERITS.")
    End If
Next
mTextFile.Close
0
 
LVL 3

Author Comment

by:lpenrod
ID: 16270008
I have tried the last script on several machines.
It runs for a while and then gives the error:
Windows Script Host
Script: C:\test.vbs
Line: 12
Char: 5
Error: Invalid object path
Code: 8004103A
Source: SWbemServicesEx
0
 
LVL 7

Accepted Solution

by:
Giuseppe "Pino" De Francesco earned 2000 total points
ID: 16270355
An error in pasting here (a next missing) but your error seems given on an old version or old machine. Be sure to have the last engine up and running. Yoiu can get it here: http://www.microsoft.com/downloads/details.aspx?FamilyId=C717D943-7E4B-4622-86EB-95A22B832CAA&displaylang=en

Here the script corrected:

Computer = "."
Set objWMI = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & Computer & "\root\cimv2")
Set Folders = objWMI.ExecQuery("Select * from Win32_Directory")
Set mFSO = CreateObject("Scripting.FileSystemObject")
Set mTextFile = mFSO.OpenTextFile("c:\result.txt", 8, True)
For Each Folder in Folders
    Set objWMI = GetObject("winmgmts:")
    Set FolderSecuritySettings = objWMI.Get("Win32_LogicalFileSecuritySetting='" & Folder.Name & "'")
    RetVal = FolderSecuritySettings.GetSecurityDescriptor(SD)
    ControlFlags = SD.ControlFlags
    If ControlFlags AND 4 Then
        If ControlFlags AND 4096 Then
            mTextFile.WriteLine(Folder.Name & " NOT INHERITS.")
        end if
    End If
   
Next
mTextFile.Close
0

Featured Post

Configuration Guide and Best Practices

Read the guide to learn how to orchestrate Data ONTAP, create application-consistent backups and enable fast recovery from NetApp storage snapshots. Version 9.5 also contains performance and scalability enhancements to meet the needs of the largest enterprise environments.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question