meciab
asked on
List ACL from a file server: how to avoid execution error if I don't have read rights on some folders?
Hi all,
I need to know all the NTFS rights of all folders on a file server for migration purposes.
There are some folders where it seems I don't have the right to read the ACL, so the script crashes at run time (after several hours).
Can you guys help me add to the following script the error control / ACL test / whatever so the script just bypasses folders where I don't have the rights?
Thanks
Set FSO = CreateObject("Scripting.FileSystemObject")
ShowSubFolders FSO.GetFolder("d:\")

' Recursively walk every subfolder and dump its ACL
Sub ShowSubFolders(Folder)
    On Error Resume Next
    For Each Subfolder in Folder.SubFolders
        acl Subfolder.Path
        ShowSubFolders Subfolder
    Next
End Sub

' Echo one semicolon-separated line per ACE in the folder's DACL
Function acl(folder)
    On Error Resume Next
    strFolderName = folder

    SE_DACL_PRESENT = &h4
    ACCESS_ALLOWED_ACE_TYPE = &h0
    ACCESS_DENIED_ACE_TYPE = &h1

    FILE_ALL_ACCESS = &h1f01ff
    FOLDER_ADD_SUBDIRECTORY = &h000004
    FILE_DELETE = &h010000
    FILE_DELETE_CHILD = &h000040
    FOLDER_TRAVERSE = &h000020
    FILE_READ_ATTRIBUTES = &h000080
    FILE_READ_CONTROL = &h020000
    FOLDER_LIST_DIRECTORY = &h000001
    FILE_READ_EA = &h000008
    FILE_SYNCHRONIZE = &h100000
    FILE_WRITE_ATTRIBUTES = &h000100
    FILE_WRITE_DAC = &h040000
    FOLDER_ADD_FILE = &h000002
    FILE_WRITE_EA = &h000010
    FILE_WRITE_OWNER = &h080000

    Set objWMIService = GetObject("winmgmts:")
    Set objFolderSecuritySettings = _
        objWMIService.Get("Win32_LogicalFileSecuritySetting='" & strFolderName & "'")
    intRetVal = objFolderSecuritySettings.GetSecurityDescriptor(objSD)

    intControlFlags = objSD.ControlFlags
    If intControlFlags AND SE_DACL_PRESENT Then
        arrACEs = objSD.DACL
        For Each objACE in arrACEs
            permission = strFolderName & ";"
            permission = permission & objACE.Trustee.Domain & "\" & objACE.Trustee.Name & ";"
            If objACE.AceType = ACCESS_ALLOWED_ACE_TYPE Then
                permission = permission & "Allowed:" & ";"
            ElseIf objACE.AceType = ACCESS_DENIED_ACE_TYPE Then
                permission = permission & "Denied:" & ";"
            End If
            ' FILE_ALL_ACCESS is a composite mask: every one of its bits must be set
            If (objACE.AccessMask AND FILE_ALL_ACCESS) = FILE_ALL_ACCESS Then
                permission = permission & "FILE_ALL_ACCESS " & ";"
            End If
            If objACE.AccessMask AND FOLDER_ADD_SUBDIRECTORY Then
                permission = permission & " FOLDER_ADD_SUBDIRECTORY " & ";"
            End If
            If objACE.AccessMask AND FILE_DELETE Then
                permission = permission & "FILE_DELETE " & ";"
            End If
            If objACE.AccessMask AND FILE_DELETE_CHILD Then
                permission = permission & "FILE_DELETE_CHILD " & ";"
            End If
            If objACE.AccessMask AND FOLDER_TRAVERSE Then
                permission = permission & " FOLDER_TRAVERSE " & ";"
            End If
            If objACE.AccessMask AND FILE_READ_ATTRIBUTES Then
                permission = permission & "FILE_READ_ATTRIBUTES " & ";"
            End If
            If objACE.AccessMask AND FILE_READ_CONTROL Then
                permission = permission & "FILE_READ_CONTROL " & ";"
            End If
            If objACE.AccessMask AND FOLDER_LIST_DIRECTORY Then
                permission = permission & " FOLDER_LIST_DIRECTORY " & ";"
            End If
            If objACE.AccessMask AND FILE_READ_EA Then
                permission = permission & "FILE_READ_EA " & ";"
            End If
            If objACE.AccessMask AND FILE_SYNCHRONIZE Then
                permission = permission & "FILE_SYNCHRONIZE " & ";"
            End If
            If objACE.AccessMask AND FILE_WRITE_ATTRIBUTES Then
                permission = permission & "FILE_WRITE_ATTRIBUTES " & ";"
            End If
            If objACE.AccessMask AND FILE_WRITE_DAC Then
                permission = permission & "FILE_WRITE_DAC " & ";"
            End If
            If objACE.AccessMask AND FOLDER_ADD_FILE Then
                permission = permission & " FOLDER_ADD_FILE " & ";"
            End If
            If objACE.AccessMask AND FILE_WRITE_EA Then
                permission = permission & "FILE_WRITE_EA " & ";"
            End If
            If objACE.AccessMask AND FILE_WRITE_OWNER Then
                permission = permission & "FILE_WRITE_OWNER " & ";"
            End If
            WScript.Echo permission
        Next
    Else
        WScript.Echo "No DACL present in security descriptor"
    End If
    acl = 1
End Function
ASKER
Yeah that's why I don't understand.
It crashes when trying to open a folder where I don't have the rights, I suppose in the recursive subfolder browse. The thing is, it's a huge file server and I don't know how many folders will cause the issue so I don't want to bypass a specific one, I want it to bypass all possible read errors...
ASKER
Moving On Error Resume Next to the top worked.
Thanks
You already have On Error Resume Next covering most of the script. Where does it crash?
Chris
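For a migration inventory, a folder that could not be read should show up in the output rather than vanish. The sketch below is an added example, not code from this thread: it uses the same FileSystemObject and WMI calls as the posted script, but checks Err.Number and the GetSecurityDescriptor return code after each risky step and lists every skipped folder at the end. The names ROOT, Walk, ReadAcl and skipped are assumptions made for the example.

```vbscript
Option Explicit
' Added example, not the asker's script; ROOT, Walk, ReadAcl, skipped are assumed names.
Const ROOT = "d:\"
Dim fso, wmi, skipped, p
Set fso = CreateObject("Scripting.FileSystemObject")
Set wmi = GetObject("winmgmts:")
Set skipped = CreateObject("Scripting.Dictionary")

Walk fso.GetFolder(ROOT)
' Report every folder that could not be read, so the gaps are visible.
For Each p In skipped.Keys
    WScript.Echo "SKIPPED;" & p & ";" & skipped(p)
Next

Sub Walk(folder)
    Dim subs, n, child
    ReadAcl folder.Path
    On Error Resume Next
    Set subs = folder.SubFolders
    n = subs.Count              ' forces the listing; raises if it is denied
    If Err.Number <> 0 Then
        skipped(folder.Path) = skipped(folder.Path) & "list: " & Err.Description & " "
        Err.Clear
        Exit Sub                ' do not loop over a collection we cannot read
    End If
    On Error GoTo 0
    For Each child In subs
        Walk child
    Next
End Sub

Sub ReadAcl(path)
    Dim setting, sd, rc, ace
    On Error Resume Next
    Set setting = wmi.Get("Win32_LogicalFileSecuritySetting='" & path & "'")
    If Err.Number = 0 Then rc = setting.GetSecurityDescriptor(sd)
    If Err.Number <> 0 Or rc <> 0 Then
        skipped(path) = skipped(path) & "acl: err=0x" & Hex(Err.Number) & " rc=" & rc & " "
        Err.Clear
        Exit Sub
    End If
    On Error GoTo 0
    If (sd.ControlFlags And 4) = 0 Or IsNull(sd.DACL) Then   ' 4 = SE_DACL_PRESENT
        WScript.Echo path & ";<no DACL>"
        Exit Sub
    End If
    For Each ace In sd.DACL
        WScript.Echo path & ";" & ace.Trustee.Domain & "\" & ace.Trustee.Name & ";type=" & ace.AceType & ";mask=0x" & Hex(ace.AccessMask)
    Next
End Sub
```

Run it with cscript and redirect the output to a file; the SKIPPED lines identify the folders whose permissions still need to be collected under an account that can read them.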