We help IT Professionals succeed at work.

Is there a way to view rights to all the folders on a drive

bosshognz asked
Last Modified: 2012-05-11
I am preparing to migrate data from a couple of Windows Server 2003 servers to a Server 2008 R2 server.
We have a lot of differing rights all over the 2003 server that will need to be recreated on the 2008R2 one and am looking at the best way to see what those rights are.
About 250GB of data, made up of maybe 5000 folders.

Thanks in advance
Watch Question

Hi,you can use the lsacl command from MKS toolkit
The info on the command is here

You can download the toolkit from here:

bosshognzIT Consultant


I've just had a look but that software seems to only talk about singular objects - at least on the page you linked.  I don't really want to look through each of the 5000 folders

There is a command named cacls which comes shipped in the the Microsoft resource kit.
It will display NTFS permissions on a directory tree.

And it comes already shipped in windows too
bosshognzIT Consultant


Hi mkrohn,

Once again this seems to only work on one folder at a time.  Our folders within the drive do have differing rights, but I don't know which folders have which rights. This is what I'm trying to discover.
This one is on us!
(Get your first solution completely free - no credit card required)

Hi, if you use cacls *.* it will show you all the folders
Most Valuable Expert 2019
Most Valuable Expert 2018

My favorite tool for this is the free DumpSec (http://www.systemtools.com/somarsoft/index.html)
Set the Permissions Report Options to not show the owner, and to "Show directories (not files) whose permissions differ ..." to create the most concise report possible.
Then there's also the (not free) Security Explorer from ScriptLogic (http://www.scriptlogic.com/products/security-explorer/)

But why recreate the permissions when you can just copy the files including security, for example with robocopy? I've used it without any problems for several migrations.
Some hints:
- robocopy will *by* *default* only copy files that aren't in the target already.
- If you want to do several sync runs, you can use /mir to delete files in the target that aren't in the source anymore.
- You might want to set /r (retry) and /w (wait) to something more useful in a LAN, like /r:2 /w:1.
- use /copyall to copy NTFS permissions as well.
- Check robocopy.doc in the ResKit installation folder (to run it, you actually only need robocopy.exe), it's a very useful documentation.
- You can safely use /nfl (no file list) and /ndl (no directory list) to reduce the log file size; errors will still be logged.
- Use /np if you're logging to a text file, otherwise the log will be filled with control characters.
- On W2k8, robocopy's already included.

Windows Server 2003 Resource Kit Tools
bosshognzIT Consultant


Got to love Sysinternals!  oBdA, yours looks like it might do the job as well, but Sysinternals doesn't require an installation nor any filters added.  It just does it, which is what I'm after.

Copy and paste may work and we may well do it for some folders, but we're looking at a fresh clean start here.  Trying to copy and paste as little legacy data over as possible.  And it its always good to make sure theres no leftover SIDs hanging around in security.
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.