Solved

Batch file to extract 'Security' on a Folder

Posted on 2011-09-12
10
387 Views
Last Modified: 2012-05-12
Hi Guys,

I need some help with extracting the 'Security' information on a Shared folder.

So I need a script which extracts:

1. Security Groups on the Folder
2. In addition, the members of the concerned groups.

Cheers.
0
Comment
Question by:japitsolution
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +1
10 Comments
 
LVL 3

Expert Comment

by:tumtum73
ID: 36528455
You'll want to use a tool called SubInACL (link below).

http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=23510

You type the following command to extract the permissions for the entire C: drive toa file called perms.txt:

subinacl /noverbose /output=c:\perms.txt /subdirectories c:\*.*

If you find later that permissions have been changed and you want to change them back, you can type:

setacl /playfile c:\perms.txt

and the process will attempt to set them back.
0
 
LVL 3

Expert Comment

by:tumtum73
ID: 36528458
the second command should be:

subinacl /playfile c:\perms.txt
0
 

Author Comment

by:japitsolution
ID: 36532845
Well I prefer either an portable tool or a command base script. I cannot make the below changes on the server:

1. Install a Program
2. Make changes to permissions/security on a folder.

Hence the above solution is not appropriate.

Any other suggestions?
0
What, When and Where - Security Threats from Q1

Join Corey Nachreiner, CTO, and Marc Laliberte, Information Security Threat Analyst, on July 26th as they explore their key findings from the first quarter of 2017.

 
LVL 4

Expert Comment

by:artsec
ID: 36533465
Hello, you can use CACLS command to display or modify Access Control Lists (ACLs) for files and folders. ACL determines which users (or groups of users) can read or edit the file.

In the new version of Windows (Windows 7 and Windows 2008 Server) there is a similar utility for command prompt which is "ICACLS".

The usage is easy as follow:

cacls C:\users\johns
icacls C:\users\johns\test.txt

you can save the output in a file as well with following argument:

> filename.txt

Examples:

cacls C:\users\johns > filename.txt
icacls C:\users\johns\test.txt > filename.txt

All the best,



0
 

Author Comment

by:japitsolution
ID: 36818553
Well I prefer either an portable tool or a command base script. I cannot make the below changes on the server:

1. Install a Program
2. Make changes to permissions/security on a folder.

Hence the above solution is not appropriate.

Any other suggestions?
0
 
LVL 4

Expert Comment

by:artsec
ID: 36818932
Hi,

Did you check my solution?  It is windows command prompt utility and you can make a batch  file easily. You do not need to change any permissions or install an application.

Thanks,
Ali
0
 

Author Comment

by:japitsolution
ID: 36952337
Hi Artsec/Ali,

Your solution is impressive however what I initially requested was a Tool/Batch file which can extract this information.

Are you able to prepare a Batchfile for me Please?

Thank you.
0
 
LVL 5

Accepted Solution

by:
mlchelp earned 500 total points
ID: 36977395
try this, paste it into notepad and then save it as something.bat maybe permissions.bat or what ever you want, it will prompt you for the folder enter c:\windows or what ever folder you are using, then it will display the users and groups with permision to the folder then it will prompt you for a groupname and then display the members of the group.


set /p folderin=Please enter folder path, IE C:/windows:
icacls %folderin%
set /p groupin=Please enter group:
net group "%groupin" /domain


Have fun

Mike
0
 
LVL 5

Expert Comment

by:mlchelp
ID: 36977415
If you have enough disk space run multiple versions of windows 7 each with a different version of sql installed and then select wich ever one you want at startup via the boot.ini
0
 

Author Closing Comment

by:japitsolution
ID: 36982721
Fantastic Solution Mike.

It worked like a treat
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard your…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Suggested Courses

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question