?
Solved

XCACLS and dumping results to a text file

Posted on 2009-05-04
3
Medium Priority
?
2,204 Views
Last Modified: 2013-12-05
I am working on a security audit and we would like to take the results from XCACLS and dump them into a text file.

Thanks to another post here, I found a the code below at the following link:  http://windowsitpro.com/article/articleid/84696/jsi-tip-9901-how-can-i-enumerate-the-folder-permissions-on-a-drive-or-folder-in-csv-format.html

This works great but the only question I have is, how do I modify the batch so that it includes files aswell as folders?

Thanks,
Nancy
@echo off
if {%1}=={} @echo Syntax: TreePerm DriveOrFolder&goto :EOF
if not exist %1 @echo Syntax: TreePerm %1 does NOT exist.&goto :EOF
setlocal
set obj=%1
set XCACLS=""
for /f "Tokens=*" %%F in ('@echo XCACLS.VBS') do (
 If "%%~dp$PATH:F" NEQ "" set XCACLS="%%~dp$PATH:F%%~F"
)
if %XCACLS% EQU "" @echo Syntax: TreePerm - XCACLS NOT in PATH&endlocal&goto :EOF 
for /f "Skip=2 Tokens=*" %%a in ('cscript //nologo %XCACLS% %obj% /T /S^|find "\"') do (
 set line=%%a
 call :parse
)
endlocal
goto :EOF
:parse
if "%line:~0,10%" EQU "Directory:" set fPath="%line:~11%"&goto :EOF
if "%line:~0,6%" EQU "Owner:" set fPath=""&goto :EOF
set type="%line:~0,7%"
set type=%type: "="%
set Usr="%line:~9,23%"
set Usr=%Usr:  =%
set Usr=%Usr: "="%
set Perm="%line:~33,22%"
set Perm=%Perm:  =%
set Perm=%Perm: "="%
set Perm=%Perm:(=[%
set Perm=%Perm:)=]%
set Perm=%Perm:,=%
set Inherit="%line:~55%"
set Inherit=%Inherit:  =%
set Inherit=%Inherit: "="%
set Inherit=%Inherit:,=%
@echo %fPath%,%type%,%Usr%,%perm%,%Inherit%

Open in new window

0
Comment
Question by:fuzzysneekers
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 85

Accepted Solution

by:
oBdA earned 1000 total points
ID: 24299060
There are tools that make this a bit easier, for example by offering the ability to only show permissions for folders that differ from the parent, and by being faster than xcacls.vbs.
My favorite tool for this is the free DumpSec (http://www.systemtools.com/somarsoft/index.html)
You can set the Permissions Report Options to not show the owner, and to "Show directories (not files) whose permissions differ ..." to create the most concise report possible.
Save it one time in native format so that you can open it again and save it in a different format if you need to, then you can save it as csv file.
There are some other free tools from Sysinternals:
- AccessChk (http://technet.microsoft.com/en-us/sysinternals/bb664922.aspx)
- AccessEnum (http://technet.microsoft.com/en-us/sysinternals/bb897332.aspx)
- ShareEnum (http://technet.microsoft.com/en-us/sysinternals/bb897442.aspx)
Or the Security Explorer from ScriptLogic (http://www.scriptlogic.com/products/security-explorer/) (not free)
0
 

Author Comment

by:fuzzysneekers
ID: 24305086
Hi oBdA,

I looked at the Sysinternals tools but I want to be able to split the path from the final folder and/or file name.  Unfortunately, these don't do that.

I took a look at DumpSec and it looks like it will work.  I only have a few questions about the reporting that I am hoping you can answer:

1 - When it shows what looks like a HEX code instead of permissions (I have a view that show ax00000004 and ax00000002), what does this mean?
2 - Is there any way to have it split the file name from the path?

This tool provides enough information that I think I can forgo splitting the path but that would be nice.

Thanks for the tip!
Nancy
0
 
LVL 85

Expert Comment

by:oBdA
ID: 24305292
When you see hex codes, it means that the permissions are not the "standard" ones, but a combination that can't be listed with the usual RXW etc. You can check the folder for the permission combination that's actually configured.
DumpSec can't split the file name by itself, but once you have it in Excel, it shouldn't be too difficult to create a macro that parses the path and splits it; a folder path ends with a backslash, a file name doesn't, and in the latter case, the rightmost string after the last backslash is the file name.
0

Featured Post

Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is my 3rd article on SCCM in recent weeks, the 1st (http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/A_4466-A-beginners-guide-to-installing-SCCM2007-on-Windows-2008-R2-Server.html) dealing with installat…
Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found listed in my profile here: http:…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
Course of the Month10 days, 23 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question