genoint
How can i audit DACL's, SACL's, ACE's etc...on an NTFS file server

Hello everyone,

I am currently trying to document everything I can about an Active Directory domain before I begin a migration. Very simply, Company A is being split into Company A and B, which are currently on a single-forest AD domain and will be split into two separate forests. I need to audit all of the (NTFS partitions, of course) directories on all of the file servers and export all of the DACLs etc. to a text file, Excel file, anything, doesn't really matter. Anyone have experience with this, seen a VBScript or third-party software that will do this? Any help is greatly appreciated.
haim96

http://www.microsoft.com/technet/scriptcenter/scripts/security/dacls/sedcvb01.mspx

you can start with this ... there is more on this site !
genoint (ASKER)
As far as I can tell that script will only read a single file's DACL and doesn't export to a file. I actually need to parse a very large directory hierarchy and export the DACLs for all of the folders and files etc...
haim96
You need to add a recursive loop, something like: on each file in the folder, get the ACLs ....
But I think there will be a limit to how deep the script can go.
Something like this:
http://www.microsoft.com/technet/scriptcenter/scripts/storage/files/stfivb08.mspx

You can find it all on this site and compose the script you need.
genoint (ASKER)
OK, I will take a look and see if I can figure it out; leaving the office right now, thanks for the help... I am definitely not a VBScript expert so I will see what I can do over the weekend.
haim96
OK, I created something simple for you that will output the permissions of the files in a specific folder.
There are some things that you need to set, like the folder path and the log file.
Note it can produce very long log files, and a script that checks all of the computer's files
could fail because of a memory issue. (I tried it and it failed ... )

hope it will be useful for you.  :)

'******************* start ******************************************
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

'********* set the folder to check *******************************
' WQL doubles every backslash: C:\Shares\Data becomes Path = '\\Shares\\Data\\'.
' Without a Drive clause the query scans every drive, which is slow; add
' " and Drive = 'C:'" to restrict it to one drive.
Set colFiles = objWMIService.ExecQuery("Select * from CIM_DataFile where Path = '\\FOLDERNAME\\'")

'*********  create the LOG file for output ***********************
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile("c:\files_log.txt", 8, True)   ' 8 = ForAppending

'*********  security descriptor control flag, ACE types, access rights ***
SE_DACL_PRESENT         = &h4
ACCESS_ALLOWED_ACE_TYPE = &h0
ACCESS_DENIED_ACE_TYPE  = &h1

FILE_ALL_ACCESS       = &h1f01ff
FILE_APPEND_DATA      = &h000004
FILE_DELETE           = &h010000
FILE_DELETE_CHILD     = &h000040
FILE_EXECUTE          = &h000020
FILE_READ_ATTRIBUTES  = &h000080
FILE_READ_CONTROL     = &h020000
FILE_READ_DATA        = &h000001
FILE_READ_EA          = &h000008
FILE_SYNCHRONIZE      = &h100000
FILE_WRITE_ATTRIBUTES = &h000100
FILE_WRITE_DAC        = &h040000
FILE_WRITE_DATA       = &h000002
FILE_WRITE_EA         = &h000010
FILE_WRITE_OWNER      = &h080000

'*********  read the files from folder ***************************
For Each objFile in colFiles
    strFileName = objFile.Name      ' CIM_DataFile.Name is the full path, e.g. c:\folder\file.txt
    objTextFile.WriteLine("permission for file: " & strFileName)

    Set objFileSecuritySettings = objWMIService.Get( _
        "Win32_LogicalFileSecuritySetting='" & strFileName & "'")
    intRetVal = objFileSecuritySettings.GetSecurityDescriptor(objSD)

    If intRetVal <> 0 Then
        objTextFile.WriteLine(vbTab & "GetSecurityDescriptor failed, return code " & intRetVal)
    ElseIf (objSD.ControlFlags And SE_DACL_PRESENT) = 0 Then
        objTextFile.WriteLine(vbTab & "No DACL present in security descriptor")
    Else
        For Each objACE in objSD.DACL
            objTextFile.WriteLine(objACE.Trustee.Domain & "\" & objACE.Trustee.Name)
            If objACE.AceType = ACCESS_ALLOWED_ACE_TYPE Then
                objTextFile.WriteLine(vbTab & "Allowed:")
            ElseIf objACE.AceType = ACCESS_DENIED_ACE_TYPE Then
                objTextFile.WriteLine(vbTab & "Denied:")
            End If
            WriteRight objACE.AccessMask, FILE_ALL_ACCESS,       "FILE_ALL_ACCESS"
            WriteRight objACE.AccessMask, FILE_APPEND_DATA,      "FILE_APPEND_DATA"
            WriteRight objACE.AccessMask, FILE_DELETE,           "FILE_DELETE"
            WriteRight objACE.AccessMask, FILE_DELETE_CHILD,     "FILE_DELETE_CHILD"
            WriteRight objACE.AccessMask, FILE_EXECUTE,          "FILE_EXECUTE"
            WriteRight objACE.AccessMask, FILE_READ_ATTRIBUTES,  "FILE_READ_ATTRIBUTES"
            WriteRight objACE.AccessMask, FILE_READ_CONTROL,     "FILE_READ_CONTROL"
            WriteRight objACE.AccessMask, FILE_READ_DATA,        "FILE_READ_DATA"
            WriteRight objACE.AccessMask, FILE_READ_EA,          "FILE_READ_EA"
            WriteRight objACE.AccessMask, FILE_SYNCHRONIZE,      "FILE_SYNCHRONIZE"
            WriteRight objACE.AccessMask, FILE_WRITE_ATTRIBUTES, "FILE_WRITE_ATTRIBUTES"
            WriteRight objACE.AccessMask, FILE_WRITE_DAC,        "FILE_WRITE_DAC"
            WriteRight objACE.AccessMask, FILE_WRITE_DATA,       "FILE_WRITE_DATA"
            WriteRight objACE.AccessMask, FILE_WRITE_EA,         "FILE_WRITE_EA"
            WriteRight objACE.AccessMask, FILE_WRITE_OWNER,      "FILE_WRITE_OWNER"
        Next
    End If
Next

objTextFile.Close

' Writes strName when every bit of intRight is set in intMask. A plain
' "If intMask And intRight Then" is true when ANY bit overlaps, which would
' report FILE_ALL_ACCESS for an ACE that grants only, say, FILE_READ_DATA.
Sub WriteRight(intMask, intRight, strName)
    If (intMask And intRight) = intRight Then
        objTextFile.WriteLine(vbTab & vbTab & strName)
    End If
End Sub
'**************************  end ******************************************
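A recursive version of the same audit that walks the whole tree and writes one CSV row per DACL entry (and SACL entry, when run with SeSecurityPrivilege), added here as an example; it is not from the thread or from haim96's script. `$Root` and `$OutFile` are placeholders, and rows are streamed to the pipeline rather than collected in memory, which is the failure mode the post above describes.

```powershell
# Added example, not from the thread: recursive NTFS DACL/SACL export to CSV.
# $Root and $OutFile are placeholders. -IncludeSacl needs SeSecurityPrivilege
# (run elevated); without it Get-Acl -Audit fails and the object is logged as an error.
param(
    [string]$Root        = 'D:\Shares\FOLDERNAME',
    [string]$OutFile     = 'C:\acl_audit.csv',
    [switch]$IncludeSacl
)

function Get-AceRows {
    param([string]$Path, [bool]$WithSacl)
    # Emit one object per ACE so Export-Csv writes incrementally; a large
    # tree is never held in memory as one big list.
    $targets = @(Get-Item -LiteralPath $Path -Force) +
               @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $targets) {
        $aclArgs = @{ LiteralPath = $item.FullName; ErrorAction = 'Stop' }
        if ($WithSacl) { $aclArgs.Audit = $true }
        try {
            $sd = Get-Acl @aclArgs
        } catch {
            # Record unreadable objects (access denied etc.) instead of aborting the audit.
            [pscustomobject]@{ Path = $item.FullName; Kind = 'Error'; Identity = ''; Type = $_.Exception.Message
                               Rights = ''; RightsMask = ''; Inherited = ''; Inheritance = ''; Propagation = ''
                               Owner = ''; Protected = '' }
            continue
        }
        foreach ($ace in @($sd.Access) + @($sd.Audit)) {
            $isAudit = $ace -is [System.Security.AccessControl.FileSystemAuditRule]
            [pscustomobject]@{
                Path        = $item.FullName
                Kind        = if ($isAudit) { 'SACL' } else { 'DACL' }
                Identity    = $ace.IdentityReference.Value
                Type        = if ($isAudit) { $ace.AuditFlags.ToString() } else { $ace.AccessControlType.ToString() }
                Rights      = $ace.FileSystemRights.ToString()          # decoded by .NET; FullControl = 0x1F01FF
                RightsMask  = ('0x{0:X8}' -f [int]$ace.FileSystemRights) # raw ACCESS_MASK for exact comparison
                Inherited   = $ace.IsInherited
                Inheritance = $ace.InheritanceFlags.ToString()
                Propagation = $ace.PropagationFlags.ToString()
                Owner       = $sd.Owner
                Protected   = if ($isAudit) { $sd.AreAuditRulesProtected } else { $sd.AreAccessRulesProtected }
            }
        }
    }
}

Get-AceRows -Path $Root -WithSacl:$IncludeSacl.IsPresent |
    Export-Csv -LiteralPath $OutFile -NoTypeInformation -Encoding UTF8
```

The `Protected` column records whether inheritance is blocked on that object, and `Inherited` separates explicit ACEs from inherited ones, which is what matters when the DACLs are re-created in the second forest.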
ASKER CERTIFIED SOLUTION
haim96
genoint (ASKER)
Thanks for all of the help guys, that resource kit tool is exactly what I need.
haim96
Great, cheers ... :)