Inheritable Permissions

Are there any tools such as Subinacl or SetACL that will show me the places in my file system that Inheritable Permissions has been disabled?

If so, what is the syntax?
LVL 3
lpenrodAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

BrianIT ManagerCommented:
Take a look at SysInternal's AccessEnum for this - http://www.sysinternals.com/Utilities/AccessEnum.html

The great thing, it's free!!!

Brian
0
lpenrodAuthor Commented:
I don't see where it shows that inheritance has been blocked.
0
BrianIT ManagerCommented:
I was thinking something a little different.  It won't show you specifically if inheritance is broken but it will show you permissions that are different then the parent which is the result of inhertance being blocked.  

It's not easy but if you click on Options and then select "Display files with permissions that differ from parent".

Brian
0
Introducing Cloud Class® training courses

Tech changes fast. You can learn faster. That’s why we’re bringing professional training courses to Experts Exchange. With a subscription, you can access all the Cloud Class® courses to expand your education, prep for certifications, and get top-notch instructions.

Jeff BeckhamEngineerCommented:
You should be able to use the fileacl.exe utility.  I'm working on syntax...
0
Giuseppe "Pino" De FrancescoSenior Solution ArchitectCommented:
Hiya,

hust create a text file, edit it and copy the next script into, rename it to check.vbs and just double click on it. This checks if the inheritance check box has been cleared. Hope is handy.

Cheers
Pino

Computer = "."
Set objWMI = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & Computer & "\root\cimv2")

Set Folders = objWMI.ExecQuery("Select * from Win32_Directory")

For Each Folder in Folders
    Set objWMI = GetObject("winmgmts:")
    Set FolderSecuritySettings = _
        objWMI.Get("Win32_LogicalFileSecuritySetting='" & Folder.Name & "'")
    RetVal = FolderSecuritySettings.GetSecurityDescriptor(SD)
    ControlFlags = SD.ControlFlags
    If ControlFlags AND 4 Then
        If ControlFlags AND 4096 Then
            WScript.Echo Folder.Name & " NOT INHERITS."
        End If
    End If
Next
0
BrianIT ManagerCommented:
Pretty nice script.  How could you output it to a file though?

Brian
0
Giuseppe "Pino" De FrancescoSenior Solution ArchitectCommented:
Just modify it in this way:

Computer = "."
Set objWMI = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & Computer & "\root\cimv2")

Set Folders = objWMI.ExecQuery("Select * from Win32_Directory")

Set mFSO = CreateObject("Scripting.FileSystemObject")
Set mTextFile = mFSO.OpenTextFile("c:\result.txt", 8, True)

For Each Folder in Folders
    Set objWMI = GetObject("winmgmts:")
    Set FolderSecuritySettings = _
        objWMI.Get("Win32_LogicalFileSecuritySetting='" & Folder.Name & "'")
    RetVal = FolderSecuritySettings.GetSecurityDescriptor(SD)
    ControlFlags = SD.ControlFlags
    If ControlFlags AND 4 Then
        If ControlFlags AND 4096 Then
            mTextFile.WriteLine(Folder.Name & " NOT INHERITS.")
    End If
Next
mTextFile.Close
0
lpenrodAuthor Commented:
I have tried the last script on several machines.
It runs for a while and then gives the error:
Windows Script Host
Script: C:\test.vbs
Line: 12
Char: 5
Error: Invalid object path
Code: 8004103A
Source: SWbemServicesEx
0
Giuseppe "Pino" De FrancescoSenior Solution ArchitectCommented:
An error in pasting here (a next missing) but your error seems given on an old version or old machine. Be sure to have the last engine up and running. Yoiu can get it here: http://www.microsoft.com/downloads/details.aspx?FamilyId=C717D943-7E4B-4622-86EB-95A22B832CAA&displaylang=en

Here the script corrected:

Computer = "."
Set objWMI = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & Computer & "\root\cimv2")
Set Folders = objWMI.ExecQuery("Select * from Win32_Directory")
Set mFSO = CreateObject("Scripting.FileSystemObject")
Set mTextFile = mFSO.OpenTextFile("c:\result.txt", 8, True)
For Each Folder in Folders
    Set objWMI = GetObject("winmgmts:")
    Set FolderSecuritySettings = objWMI.Get("Win32_LogicalFileSecuritySetting='" & Folder.Name & "'")
    RetVal = FolderSecuritySettings.GetSecurityDescriptor(SD)
    ControlFlags = SD.ControlFlags
    If ControlFlags AND 4 Then
        If ControlFlags AND 4096 Then
            mTextFile.WriteLine(Folder.Name & " NOT INHERITS.")
        end if
    End If
   
Next
mTextFile.Close
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.