Solved

Want the user names of all folders in all drives in a machine to a file. All security permission users.Of non shared folders.

Posted on 2008-09-30
30
237 Views
Last Modified: 2010-04-16
Hi,

Want the user names of all folders in all drives in a machine to a file. All security permission users.

All the shares in my file server are removed and have given shares only to people who have asked for. Now i have say 100 + folders in 5 + drives that are not shared and no one has come for it.
Now each folder when i go to Properties > Security can see a lot of user names. So need these user names into a file.So i can send them mails on they requiring it or can be deleted. So is there a way a scriopt runs on all folders that are not shared and gets the data as this.


Folder Name    Drive Name\Folder Name          Security permissions USer names.

Attached a sample script that does the exact and much more for folders that are shared. But in this case need for NON shares in all drives in the machine.

Regards
Sharath
SETLOCAL ENABLEDELAYEDEXPANSION

Set FieldDelimiter=,

Set ServerAccessCSV=C:\ShareNTFSPermissionsLog-%ComputerName%.CSV

 

ECHO "Folder Name"%FieldDelimiter%"UNC Path"%FieldDelimiter%"Local drive path"%FieldDelimiter%"Drive Letter"%FieldDelimiter%"Folder Size"%FieldDelimiter%"Number of Root folders"%FieldDelimiter%"Share permission"%FieldDelimiter%"Permission"%FieldDelimiter%"Security permission"%FieldDelimiter%"Permission">"%ServerAccessCSV%"

 

 

for /f "tokens=1 delims=:" %%a in ('rmtshare \\%ComputerName%^| find /v /i "default share" ^| find /v /i "Remote admin" ^| find /v /i "Remote IPC" ^| FIND ":"') DO (

    set Share=%%a

    set Share=!Share:~0,-2!

    For /l %%z in (1,1,30) DO if "!Share:~-1!" == " " Set Share=!Share:~0,-1!

 

    Set Comments=

    FOR /f "tokens=1,*" %%b in ('rmtshare \\%ComputerName%\"!Share!" ^| FIND /i "Remark"') DO Set Comments=%%c

 

 

    FOR /f "tokens=1,*" %%b in ('rmtshare \\%ComputerName%\"!Share!" ^| FIND /i "Path"') DO (

        Set SharePath=%%c

        Set FolderSeparator=

        For /l %%z in (1,1,100) DO (

            if "!SharePath:~-%%z,1!" == "\" Set FolderSeparator=Found

            if "!SharePath:~-%%z!" NEQ "\" IF NOT Defined FolderSeparator Set Folder=!SharePath:~-%%z!

        )

 

        Set SharePerm=

        FOR /f "Tokens=1 delims=: " %%i in ('rmtshare \\%ComputerName%\"!Share!" ^| FIND /i " : "') DO Set SharePerm=!SharePerm!#%%i#

        Set FirstAccount=

        for /f "tokens=*" %%d in ('cacls "%%c" ^| find ":" ^| find /v /i "Creator Owner" ^| FIND /v /i "BUILTIN" ^| FIND /v /i "NT AUTHORITY" ^| FIND /v /i "Special access"') do (

            Set FolderPerm=%%d

            Set FolderPerm=!FolderPerm:%%c =!

            for /f "tokens=1,2,* delims=:\" %%f in ('ECHO !FolderPerm!') do (

                Set Access=%%h

                Set Access=!Access:~-2!

                Set Access=!Access:~0,1!

                Set FolderSharePerm="%FieldDelimiter%"

                ECHO !SharePerm! | FIND /i "%%f\%%g"

                IF NOT ERRORLEVEL 1 FOR /f "Tokens=2,3 delims=\: " %%i in ('rmtshare \\%ComputerName%\"!Share!" ^| FIND /i "%%f\%%g"') DO Set FolderSharePerm=%%i"%FieldDelimiter%"%%j && Set SharePerm=!SharePerm:#%%f\%%g#=!

                IF !FolderSharePerm! == "%FieldDelimiter%" IF "!SharePerm!" NEQ "" (

                    FOR /f "tokens=1 delims=#" %%k in ('echo !SharePerm!') do (

                        If /i "%%k" == "\Everyone" (

                            FOR /f "Tokens=1,2 delims=\: " %%i in ('rmtshare \\%ComputerName%\"!Share!" ^| FIND /i "%%k"') DO Set FolderSharePerm=%%i"%FieldDelimiter%"%%j

                        ) Else (

                            FOR /f "Tokens=2,3 delims=\: " %%i in ('rmtshare \\%ComputerName%\"!Share!" ^| FIND /i "%%k"') DO Set FolderSharePerm=%%i"%FieldDelimiter%"%%j

                        )

     

                        Set SharePerm=!SharePerm:#%%k#=!

                    )

                )

                FOR /f "Tokens=*" %%i in ('dir "\\%ComputerName%\!Share!" /ad /b ^| find /c /v ""') DO Set NoSubFolder=%%i

                FOR /f "Tokens=3 delims= " %%i in ('dir "\\%ComputerName%\!Share!" /s ^| find /i "file(s)"') DO Set FolderSize=%%i

                

                ECHO !FolderSharePerm!

                IF NOT DEFINED FirstAccount (

                    ECHO "!Folder!"%FieldDelimiter%"\\%ComputerName%\!Share!"%FieldDelimiter%"!Comments!"%FieldDelimiter%"!SharePath!"%FieldDelimiter%"!SharePath:~0,1!"%FieldDelimiter%"!FolderSize!"%FieldDelimiter%"!NoSubFolder!"%FieldDelimiter%"!FolderSharePerm!"%FieldDelimiter%"%%g"%FieldDelimiter%"!Access!">>"%ServerAccessCSV%"

                    SET FirstAccount=%%g

                ) ELSE (

                    ECHO ""%FieldDelimiter%""%FieldDelimiter%""%FieldDelimiter%""%FieldDelimiter%""%FieldDelimiter%""%FieldDelimiter%""%FieldDelimiter%"!FolderSharePerm!"%FieldDelimiter%"%%g"%FieldDelimiter%"!Access!">>"%ServerAccessCSV%"

                )

            )

        )

 

:AnotherShare

        IF "!SharePerm!" NEQ "" (

            FOR /f "tokens=1 delims=#" %%k in ('echo !SharePerm!') do (

                If /i "%%k" == "\Everyone" (

                    FOR /f "Tokens=1,2 delims=\: " %%i in ('rmtshare \\%ComputerName%\"!Share!" ^| FIND /i "%%k"') DO Set FolderSharePerm=%%i"%FieldDelimiter%"%%j

                ) Else (

                    FOR /f "Tokens=2,3 delims=\: " %%i in ('rmtshare \\%ComputerName%\"!Share!" ^| FIND /i "%%k"') DO Set FolderSharePerm=%%i"%FieldDelimiter%"%%j

                )

 

                ECHO ""%FieldDelimiter%""%FieldDelimiter%""%FieldDelimiter%""%FieldDelimiter%""%FieldDelimiter%""%FieldDelimiter%""%FieldDelimiter%"!FolderSharePerm!"%FieldDelimiter%""%FieldDelimiter%"">>"%ServerAccessCSV%"

                Set SharePerm=!SharePerm:#%%k#=!

                IF "!SharePerm!" NEQ "" goto :AnotherShare

            )

        )

    )

)

Open in new window

0
Comment
Question by:bsharath
  • 15
  • 11
  • 4
30 Comments
 
LVL 33

Expert Comment

by:MikeKane
ID: 22605817
Question:  Why script this since windows' cacls.exe would output all this to a text file for you anyway....?
0
 
LVL 11

Author Comment

by:bsharath
ID: 22605861
Ok can you tell me how?
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 22606140
This would dump all of the permissions of the c drive to a file called list.txt

cacls c:\*.* /t > c:\list.txt

0
 
LVL 11

Author Comment

by:bsharath
ID: 22606198
I get this


C:\>cacls D:\*.* /t > D:\list.txt
Access is denied.

C:\>cacls c:\*.* /t > D:\list.txt
The process cannot access the file because it is being used by another process.

C:\>cacls c:\*.* /t > c:\list.txt
The process cannot access the file because it is being used by another process.

Should i download "Cacls"
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 22606233
That would mean the user ID you are using does not have access to read the d:\   root directory.    

You should really run this with some admin rights.
0
 
LVL 11

Author Comment

by:bsharath
ID: 22606304
Yes got it but this is too complicated. I need to run on drives which are 1 TB and more and doing this will dump results of all folders and files. Any way to get just the folders and only folders that are not shared. So i have less results to query on.

Each drive has 1 TB of data and each drive has 100 + folders. In which 50 + are shared. So a script if can query for just Non shared folders then i would have less results to query on...
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 22627111
Ohhh..   Then just use sysinternals Accessenum
http://technet.microsoft.com/en-us/sysinternals/bb897332.aspx

This will do what you want I think and lets you save out the list as a txt.  



0
 
LVL 21

Expert Comment

by:AmazingTech
ID: 22669487
Just root folders?
0
 
LVL 11

Author Comment

by:bsharath
ID: 22669572
Yes only root Folders in all drives in the machines.
In one case i want the report for all folders root folders within a folder.
Like
D:\Development
Within this i have 100+ folder which were shared before but now they are not shared.

Any report in this script in 2 cases. One is all root folder in all drives and another case all folders root in 1 folder.
Only folders that are not shared and security users alone.
If i can get the way you gave me some time ago for shared folders. If a nested group then even members of that groups too...
0
 
LVL 21

Expert Comment

by:AmazingTech
ID: 22669649
OK. So you will specify a list of root folders to search?

D:\Development
D:\Production
E:\Sandbox
F:
0
 
LVL 11

Author Comment

by:bsharath
ID: 22669868
No...
The script has to scan any folder in the root of each drive that are not shared.
Any folder that's not shared has to be scanned
0
 
LVL 21

Expert Comment

by:AmazingTech
ID: 22670557
So you specify the drive letter to search the root folders?

D:
E:
F:
0
 
LVL 11

Author Comment

by:bsharath
ID: 22670596
Ok i can specify.
0
 
LVL 21

Accepted Solution

by:
AmazingTech earned 500 total points
ID: 22670881
Give this a try and see if it produces what you want.
We can look at including the nested groups and members if it looks OK.

SETLOCAL ENABLEDELAYEDEXPANSION

Set RootFolderList=D:,E:,F:

Set FieldDelimiter=,

Set ServerAccessCSV=C:\NonSharedNTFSPermissionsLog-%ComputerName%.CSV

 

ECHO "Folder Name"%FieldDelimiter%"Local drive path"%FieldDelimiter%"Security permission"%FieldDelimiter%"Permission">"%ServerAccessCSV%"

 

 

:NextFolder

for /f "tokens=1,* delims=," %%a in ('ECHO !RootFolderList!') DO (

    Set RootFolderList=%%b

    for /f "tokens=*" %%c in ('dir /ad /b "%%a\"') DO (

        Set IsShared=

        for /f "tokens=1 delims=:" %%d in ('rmtshare \\%ComputerName%^| find /v /i "default share" ^| find /v /i "Remote admin" ^| find /v /i "Remote IPC" ^| FIND ":"') DO (

            set Share=%%d

            set Share=!Share:~0,-2!

            For /l %%z in (1,1,30) DO if "!Share:~-1!" == " " Set Share=!Share:~0,-1!

            FOR /f "tokens=1,*" %%e in ('rmtshare \\%ComputerName%\"!Share!" ^| FIND /i "Path"') DO IF /I "%%f" == "%%a\%%c" SET IsShared=True

        )

        IF NOT Defined IsShared (

                Set FirstAccount=

                for /f "tokens=*" %%g in ('cacls "%%a\%%c" ^| find ":" ^| find /v /i "Creator Owner" ^| FIND /v /i "BUILTIN" ^| FIND /v /i "NT AUTHORITY" ^| FIND /v /i "Special access"') do (

                    Set FolderPerm=%%g

                    Set FolderPerm=!FolderPerm:%%a\%%c =!

                    for /f "tokens=1,2,* delims=:\" %%f in ('ECHO !FolderPerm!') do (

                        Set Access=%%h

                        Set Access=!Access:~-2!

                        Set Access=!Access:~0,1!

                        If /i "%%f" == "Everyone" (

                            Set FolderSharePerm=%%f

                            Set Access=%%g

                        ) Else (

                            Set FolderSharePerm=%%f\%%g                            

                        )

                    )

 

                    IF NOT DEFINED FirstAccount (

                        ECHO "%%c"%FieldDelimiter%"%%a\%%c"%FieldDelimiter%"!FolderSharePerm!"%FieldDelimiter%"!Access!">>"%ServerAccessCSV%"

                        SET FirstAccount=!FolderSharePerm!

                    ) ELSE (

                        ECHO ""%FieldDelimiter%""%FieldDelimiter%"!FolderSharePerm!"%FieldDelimiter%"!Access!">>"%ServerAccessCSV%"

                    )

                )

            )

        )
 

    )
 

)

IF DEFINED RootFolderList GOTO NextFolder

Open in new window

0
 
LVL 11

Author Comment

by:bsharath
ID: 22671067
I get this

---------------------------
Windows Script Host
---------------------------
Script:      D:\AT Groups.vbs
Line:      3
Char:      20
Error:      Syntax error
Code:      800A03EA
Source:       Microsoft VBScript compilation error

---------------------------
OK  
---------------------------

If the code has D E & F and the drives are not available also i get an error.
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 21

Expert Comment

by:AmazingTech
ID: 22671105
DOS batch file
0
 
LVL 21

Expert Comment

by:AmazingTech
ID: 22671109
Modify the Set RootFolderList with valid available drives.
0
 
LVL 11

Author Comment

by:bsharath
ID: 22671119
I have the line as this
Set RootFolderList=D:
Its a vista machine where i am checking and i think its not accepting D drive directly
0
 
LVL 11

Author Comment

by:bsharath
ID: 22671132
Sorry was trying it as a vbs now it gets me the results file.
But i queries the shared folders not nonshared folders.

I want it to query any folders in the drive that are not shared.
0
 
LVL 21

Expert Comment

by:AmazingTech
ID: 22671162
Should be non shared.
0
 
LVL 11

Author Comment

by:bsharath
ID: 22671190
Does it need this file "Rmtshare"?
I put this file in the same drive where the script is and ran the script and the csv is blank without any results just the headers are created...
0
 
LVL 21

Expert Comment

by:AmazingTech
ID: 22671383
Yes RMTSHARE is required.

Is your root drive shared other than the administrative hidden share?

To view your shares Run:
RMTSHARE \\%ComputerName%
0
 
LVL 11

Author Comment

by:bsharath
ID: 22671426
I get this

D:\>RMTSHARE \\%ComputerName%

Share name   Resource                        Remark

-------------------------------------------------------------------------------
ADMIN$       C:\Windows                      Remote Admin
C$           C:\                             Default share
D$           D:\                             Default share
IPC$                                         Remote IPC
print$       C:\Windows\system32\spool\dr... Printer Drivers
Screen Shots C:\Screen Shots

ZipFilesprotected D:\ZipFilesprotected

The command completed successfully.


They are not shared and will not be. Only the administive share is enabled.
0
 
LVL 21

Expert Comment

by:AmazingTech
ID: 22671516
Can you post your batch file?
0
 
LVL 21

Expert Comment

by:AmazingTech
ID: 22671556
You only have 2 shares on this computer.

Screen Shots C:\Screen Shots
ZipFilesprotected D:\ZipFilesprotected

So when you do D: all folders except ZipFilesProtected should show up in the CSV.
0
 
LVL 11

Author Comment

by:bsharath
ID: 22675321
Yes you are right.. Other than ZipFilesprotected all the other folders has to come into the CSV
0
 
LVL 21

Expert Comment

by:AmazingTech
ID: 22675633
So that is what you want correct?

Give it a try on your server and see if you get the same results.
0
 
LVL 11

Author Comment

by:bsharath
ID: 22675730
Thank U AT worked perfect any help with the other posts...
0
 
LVL 11

Author Comment

by:bsharath
ID: 22694902
0
 
LVL 11

Author Comment

by:bsharath
ID: 22713787
AT any help with the above posts...
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

This script will sweep a range of IP addresses (class c only, 255.255.255.0) and report to a log the version of office installed. What it does: 1.)      Creates log file in the directory the script is run from (if it doesn't already exist) 2.)      Sweep…
How to remove superseded packages in windows w60 or w61 installation media (.wim) or online system to prevent unnecessary space. w60 means Windows Vista or Windows Server 2008. w61 means Windows 7 or Windows Server 2008 R2. There are various …
Learn the basics of while and for loops in Python.  while loops are used for testing while, or until, a condition is met: The structure of a while loop is as follows:     while <condition>:         do something         repeate: The break statement m…
In this fifth video of the Xpdf series, we discuss and demonstrate the PDFdetach utility, which is able to list and, more importantly, extract attachments that are embedded in PDF files. It does this via a command line interface, making it suitable …

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now