Solved

Query for ACLs on a file server

Posted on 2009-04-14
3
355 Views
Last Modified: 2013-12-04
I'm cleaning up all Windows groups associated with a SQL Server database application.  I've verified that I can safely deleted GroupX without any loss of of SQL Server functionality.  However, the application is also associated with thousands of files on the same server, and GroupX may have explicit permissions to some of these files.  Obviously, inspecting each file for GroupX permissions isn't feasible.  Is there a way to query the GroupX ACLs?
0
Comment
Question by:jdana
3 Comments
 
LVL 70

Accepted Solution

by:
Chris Dent earned 125 total points
ID: 24136381

Sure. Install Windows PowerShell (should be under Features in Server Manager), then you can run this (copy and paste after you fix the security principal and base path values.

Chris
# Object name to look for in each access control list
$SecurityPrincipal = "GroupX"
# Starting path
$BasePath = "C:\"
 
# Something to hold the results
$Entries = @()
ForEach ($Entry in (ls -r $BasePath)) {
  If ((Get-ACL -Path $Entry.FullName).Access | `
    ?{ $_.IdentityReference -match $SecurityPrincipal -And $_.IsInherited -eq $False }) { 
      $Entries += $Entry | Select-Object * 
  }
}
# Display the results as a table
$Entries | Format-Table FullName, Name, PSIsContainer, LastAccessTime
# Export Results to a CSV File
$Entries | Export-CSV "Results.csv"

Open in new window

0
 
LVL 2

Assisted Solution

by:gurpreetchhabra
gurpreetchhabra earned 125 total points
ID: 24137099
Or simply try DumpSec GUI based tool to export permissions from a specified root directory, export the result to csv file. Open in excel and filter all results for GroupX.
0
 

Author Closing Comment

by:jdana
ID: 31569822
Both option work great!  Thanks!
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question