List ACL from a file server: how to avoid execution error if I don't have read rights on some folders?

Hi all,

I need to know all the NTFS rights of all folders on a file server for migration purposes.
There are some folders where it seems I don't have the right to read the ACL, so the script crashes at run time (after several hours).

Can you guys help me add to the following script the error control / ACL test / whatever so the script just bypasses folders where I don't have the rights?

Thanks
Set FSO = CreateObject("Scripting.FileSystemObject")
ShowSubfolders FSO.GetFolder("d:\")

Sub ShowSubFolders(Folder)
    On Error Resume Next
    For Each Subfolder in Folder.SubFolders
        acl Subfolder.Path
        ShowSubFolders Subfolder
    Next
End Sub

Function acl(folder)
    On Error Resume Next
    strFolderName = folder
    
    SE_DACL_PRESENT = &h4
    ACCESS_ALLOWED_ACE_TYPE = &h0
    ACCESS_DENIED_ACE_TYPE  = &h1
    
    FILE_ALL_ACCESS         = &h1f01ff
    FOLDER_ADD_SUBDIRECTORY = &h000004
    FILE_DELETE             = &h010000
    FILE_DELETE_CHILD       = &h000040
    FOLDER_TRAVERSE         = &h000020
    FILE_READ_ATTRIBUTES    = &h000080
    FILE_READ_CONTROL       = &h020000
    FOLDER_LIST_DIRECTORY   = &h000001
    FILE_READ_EA            = &h000008
    FILE_SYNCHRONIZE        = &h100000
    FILE_WRITE_ATTRIBUTES   = &h000100
    FILE_WRITE_DAC          = &h040000
    FOLDER_ADD_FILE         = &h000002
    FILE_WRITE_EA           = &h000010
    FILE_WRITE_OWNER        = &h080000
    
    Set objWMIService = GetObject("winmgmts:")
    Set objFolderSecuritySettings = _
    objWMIService.Get("Win32_LogicalFileSecuritySetting='" & strFolderName & "'")
    intRetVal = objFolderSecuritySettings.GetSecurityDescriptor(objSD)
    
    intControlFlags = objSD.ControlFlags
    
    If intControlFlags AND SE_DACL_PRESENT Then
       arrACEs = objSD.DACL
       For Each objACE in arrACEs
          permission = strFolderName & ";"
          permission =  permission & objACE.Trustee.Domain & "\" & objACE.Trustee.Name & ";"
          
          If objACE.AceType = ACCESS_ALLOWED_ACE_TYPE Then
             permission =  permission & "Allowed:" & ";"
          ElseIf objACE.AceType = ACCESS_DENIED_ACE_TYPE Then
             permission =  permission & "Denied:" & ";"
          End If
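          ' Full control only when every bit of FILE_ALL_ACCESS is set, not just any one of them
          If (objACE.AccessMask AND FILE_ALL_ACCESS) = FILE_ALL_ACCESS Then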
             permission =  permission &  "FILE_ALL_ACCESS " & ";"
          End If
          If objACE.AccessMask AND FOLDER_ADD_SUBDIRECTORY Then
             permission =  permission &  " FOLDER_ADD_SUBDIRECTORY " & ";"
          End If
          If objACE.AccessMask AND FILE_DELETE Then
             permission =  permission &  "FILE_DELETE " & ";"
          End If
          If objACE.AccessMask AND FILE_DELETE_CHILD Then
             permission =  permission &   "FILE_DELETE_CHILD " & ";"
          End If
          If objACE.AccessMask AND FOLDER_TRAVERSE Then
             permission =  permission & " FOLDER_TRAVERSE " & ";"
          End If
          If objACE.AccessMask AND FILE_READ_ATTRIBUTES Then
             permission =  permission &  "FILE_READ_ATTRIBUTES " & ";"
          End If
          If objACE.AccessMask AND FILE_READ_CONTROL Then
             permission =  permission &  "FILE_READ_CONTROL " & ";"
          End If
          If objACE.AccessMask AND FOLDER_LIST_DIRECTORY Then
             permission =  permission &  " FOLDER_LIST_DIRECTORY " & ";"
          End If
          If objACE.AccessMask AND FILE_READ_EA Then
             permission =  permission &  "FILE_READ_EA " & ";"
          End If
          If objACE.AccessMask AND FILE_SYNCHRONIZE Then
             permission =  permission &  "FILE_SYNCHRONIZE " & ";"
          End If
          If objACE.AccessMask AND FILE_WRITE_ATTRIBUTES Then
             permission =  permission & "FILE_WRITE_ATTRIBUTES " & ";"
          End If
          If objACE.AccessMask AND FILE_WRITE_DAC Then
             permission =  permission &  "FILE_WRITE_DAC " & ";"
          End If
          If objACE.AccessMask AND FOLDER_ADD_FILE Then
             permission =  permission &  " FOLDER_ADD_FILE " & ";"
          End If
          If objACE.AccessMask AND FILE_WRITE_EA Then
             permission =  permission &  "FILE_WRITE_EA " & ";"
          End If
          If objACE.AccessMask AND FILE_WRITE_OWNER Then
             permission =  permission &  "FILE_WRITE_OWNER " & ";"
          End If
          WScript.Echo permission
       Next
    Else
       WScript.Echo "No DACL present in security descriptor"
    End If
    acl = 1
End Function

Asked by: meciab
Chris Dent (PowerShell Developer) commented:

You already have On Error Resume Next covering most of the script. Where does it crash?

Chris
meciab (Author) commented:
Yeah that's why I don't understand.
It crashes when trying to open a folder where I don't have the rights, I suppose in the recursive subfolder browse. The thing is, it's a huge file server and I don't know how many folders will cause the issue so I don't want to bypass a specific one, I want it to bypass all possible read errors...
Chris Dent (PowerShell Developer) commented:

You could just add On Error Resume Next to the top of your script (so it applies to the entire script) and remove the other two. But it really depends on exactly how it's crashing. Does it display an error message?

Chris

meciab (Author) commented:
Moving On Error Resume Next to the top worked.
Thanks
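
A variant of the traversal discussed in this thread that checks Err.Number after each call that can fail and writes a SKIPPED row instead of continuing silently, so the migration report shows which folders were not audited. This is an added example, not code from the thread; the names Report, WalkFolders and ReadDacl and the SKIPPED output format are assumptions.

```vbscript
Option Explicit
' Added example; Report, WalkFolders and ReadDacl are hypothetical names.
Const SE_DACL_PRESENT = &h4
Dim fso, wmi
Set fso = CreateObject("Scripting.FileSystemObject")
Set wmi = GetObject("winmgmts:")
WalkFolders fso.GetFolder("d:\")

' Emit a SKIPPED row so the gap is visible in the migration report.
Sub Report(path, stage, num, desc)
    WScript.Echo "SKIPPED;" & path & ";" & stage & ";0x" & Hex(num) & ";" & desc
End Sub

Sub WalkFolders(folder)
    Dim subs, count, subfolder, num, desc
    On Error Resume Next          ' scoped to this procedure only
    Set subs = folder.SubFolders
    count = subs.Count            ' reads the directory, so a denied listing fails here
    If Err.Number <> 0 Then
        num = Err.Number : desc = Err.Description : Err.Clear
        Report folder.Path, "list subfolders", num, desc
        Exit Sub                  ' never enter For Each with an unreadable collection
    End If
    For Each subfolder In subs
        ReadDacl subfolder.Path
        WalkFolders subfolder
    Next
End Sub

Sub ReadDacl(path)
    Dim setting, sd, rc, ace, num, desc
    On Error Resume Next
    rc = -1                       ' stays -1 if GetSecurityDescriptor is never reached
    Set setting = wmi.Get("Win32_LogicalFileSecuritySetting='" & path & "'")
    If Err.Number = 0 Then rc = setting.GetSecurityDescriptor(sd)
    If Err.Number <> 0 Or rc <> 0 Then
        num = Err.Number : desc = Err.Description : Err.Clear
        Report path, "read security descriptor (rc=" & rc & ")", num, desc
        Exit Sub
    End If
    If (sd.ControlFlags And SE_DACL_PRESENT) = 0 Or Not IsArray(sd.DACL) Then
        WScript.Echo path & ";no ACE list returned"
        Exit Sub
    End If
    For Each ace In sd.DACL
        WScript.Echo path & ";" & ace.Trustee.Domain & "\" & ace.Trustee.Name & _
            ";type=" & ace.AceType & ";mask=0x" & Hex(ace.AccessMask)
    Next
End Sub
```

Run it with cscript.exe so that WScript.Echo writes to the console instead of opening a message box for every line.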