• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 378
  • Last Modified:

Query for ACLs on a file server

I'm cleaning up all Windows groups associated with a SQL Server database application.  I've verified that I can safely deleted GroupX without any loss of of SQL Server functionality.  However, the application is also associated with thousands of files on the same server, and GroupX may have explicit permissions to some of these files.  Obviously, inspecting each file for GroupX permissions isn't feasible.  Is there a way to query the GroupX ACLs?
0
jdana
Asked:
jdana
2 Solutions
 
Chris DentPowerShell DeveloperCommented:

Sure. Install Windows PowerShell (should be under Features in Server Manager), then you can run this (copy and paste after you fix the security principal and base path values.

Chris
# Object name to look for in each access control list
$SecurityPrincipal = "GroupX"
# Starting path
$BasePath = "C:\"
 
# Something to hold the results
$Entries = @()
ForEach ($Entry in (ls -r $BasePath)) {
  If ((Get-ACL -Path $Entry.FullName).Access | `
    ?{ $_.IdentityReference -match $SecurityPrincipal -And $_.IsInherited -eq $False }) { 
      $Entries += $Entry | Select-Object * 
  }
}
# Display the results as a table
$Entries | Format-Table FullName, Name, PSIsContainer, LastAccessTime
# Export Results to a CSV File
$Entries | Export-CSV "Results.csv"

Open in new window

0
 
gurpreetchhabraCommented:
Or simply try DumpSec GUI based tool to export permissions from a specified root directory, export the result to csv file. Open in excel and filter all results for GroupX.
0
 
jdanaAuthor Commented:
Both option work great!  Thanks!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Firewall Management 201 with Professor Wool

In this whiteboard video, Professor Wool highlights the challenges, benefits and trade-offs of utilizing zero-touch automation for security policy change management. Watch and Learn!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now