Link to home
Create AccountLog in
Avatar of lpenrod
lpenrod

asked on

Inheritable Permissions

Are there any tools such as Subinacl or SetACL that will show me the places in my file system that Inheritable Permissions has been disabled?

If so, what is the syntax?
Avatar of Brian
Brian
Flag of United States of America image

Take a look at SysInternal's AccessEnum for this - http://www.sysinternals.com/Utilities/AccessEnum.html

The great thing, it's free!!!

Brian
Avatar of lpenrod
lpenrod

ASKER

I don't see where it shows that inheritance has been blocked.
I was thinking something a little different.  It won't show you specifically if inheritance is broken but it will show you permissions that are different then the parent which is the result of inhertance being blocked.  

It's not easy but if you click on Options and then select "Display files with permissions that differ from parent".

Brian
You should be able to use the fileacl.exe utility.  I'm working on syntax...
Hiya,

hust create a text file, edit it and copy the next script into, rename it to check.vbs and just double click on it. This checks if the inheritance check box has been cleared. Hope is handy.

Cheers
Pino

Computer = "."
Set objWMI = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & Computer & "\root\cimv2")

Set Folders = objWMI.ExecQuery("Select * from Win32_Directory")

For Each Folder in Folders
    Set objWMI = GetObject("winmgmts:")
    Set FolderSecuritySettings = _
        objWMI.Get("Win32_LogicalFileSecuritySetting='" & Folder.Name & "'")
    RetVal = FolderSecuritySettings.GetSecurityDescriptor(SD)
    ControlFlags = SD.ControlFlags
    If ControlFlags AND 4 Then
        If ControlFlags AND 4096 Then
            WScript.Echo Folder.Name & " NOT INHERITS."
        End If
    End If
Next
Pretty nice script.  How could you output it to a file though?

Brian
Just modify it in this way:

Computer = "."
Set objWMI = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & Computer & "\root\cimv2")

Set Folders = objWMI.ExecQuery("Select * from Win32_Directory")

Set mFSO = CreateObject("Scripting.FileSystemObject")
Set mTextFile = mFSO.OpenTextFile("c:\result.txt", 8, True)

For Each Folder in Folders
    Set objWMI = GetObject("winmgmts:")
    Set FolderSecuritySettings = _
        objWMI.Get("Win32_LogicalFileSecuritySetting='" & Folder.Name & "'")
    RetVal = FolderSecuritySettings.GetSecurityDescriptor(SD)
    ControlFlags = SD.ControlFlags
    If ControlFlags AND 4 Then
        If ControlFlags AND 4096 Then
            mTextFile.WriteLine(Folder.Name & " NOT INHERITS.")
    End If
Next
mTextFile.Close
Avatar of lpenrod

ASKER

I have tried the last script on several machines.
It runs for a while and then gives the error:
Windows Script Host
Script: C:\test.vbs
Line: 12
Char: 5
Error: Invalid object path
Code: 8004103A
Source: SWbemServicesEx
ASKER CERTIFIED SOLUTION
Avatar of Giuseppe 'Pino' De Francesco
Giuseppe 'Pino' De Francesco
Flag of Ireland image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer