Solved

Query for ACLs on a file server

Posted on 2009-04-14
3
357 Views
Last Modified: 2013-12-04
I'm cleaning up all Windows groups associated with a SQL Server database application.  I've verified that I can safely deleted GroupX without any loss of of SQL Server functionality.  However, the application is also associated with thousands of files on the same server, and GroupX may have explicit permissions to some of these files.  Obviously, inspecting each file for GroupX permissions isn't feasible.  Is there a way to query the GroupX ACLs?
0
Comment
Question by:jdana
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 71

Accepted Solution

by:
Chris Dent earned 125 total points
ID: 24136381

Sure. Install Windows PowerShell (should be under Features in Server Manager), then you can run this (copy and paste after you fix the security principal and base path values.

Chris
# Object name to look for in each access control list
$SecurityPrincipal = "GroupX"
# Starting path
$BasePath = "C:\"
 
# Something to hold the results
$Entries = @()
ForEach ($Entry in (ls -r $BasePath)) {
  If ((Get-ACL -Path $Entry.FullName).Access | `
    ?{ $_.IdentityReference -match $SecurityPrincipal -And $_.IsInherited -eq $False }) { 
      $Entries += $Entry | Select-Object * 
  }
}
# Display the results as a table
$Entries | Format-Table FullName, Name, PSIsContainer, LastAccessTime
# Export Results to a CSV File
$Entries | Export-CSV "Results.csv"

Open in new window

0
 
LVL 2

Assisted Solution

by:gurpreetchhabra
gurpreetchhabra earned 125 total points
ID: 24137099
Or simply try DumpSec GUI based tool to export permissions from a specified root directory, export the result to csv file. Open in excel and filter all results for GroupX.
0
 

Author Closing Comment

by:jdana
ID: 31569822
Both option work great!  Thanks!
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Kaspersky Security 9.0 for Exchange Server Issue 4 38
Avast Internet Security blocking QuickBooks 2017 email 10 124
GPO on certain users 17 36
Best in class privacy policy 6 51
Most MSPs worth their salt are already offering cybersecurity to their customers. But cybersecurity as a service is wide encompassing and can mean many things.  So where are MSPs falling in this spectrum?
Ransomware continues to grow in reach and sophistication, putting data everywhere at risk. Learn how to avoid being caught in its sinister clutches with these 11 key tips.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question