?
Solved

what to extract user folder permissions

Posted on 2012-04-06
3
Medium Priority
?
307 Views
Last Modified: 2012-05-17
What is the command to find what permissions a specific user has on all folders on the drive E.
0
Comment
Question by:Enclave Technologies
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 7

Expert Comment

by:BelushiLomax
ID: 37815841
cacls in XP/2003, icacls in 08 or Win7:
These can both be output to a text file. Both built in to Windows.

 NOTE: Cacls is now deprecated, please use Icacls.

 Displays or modifies access control lists (ACLs) of files

 CACLS filename [/T] [/M] [/L] [/S[:SDDL]] [/E] [/C] [/G user:perm]
        [/R user [...]] [/P user:perm [...]] [/D user [...]]
    filename      Displays ACLs.
    /T            Changes ACLs of specified files in
                  the current directory and all subdirectories.
    /L            Work on the Symbolic Link itself versus the target
    /M            Changes ACLs of volumes mounted to a directory
    /S            Displays the SDDL string for the DACL.
    /S:SDDL       Replaces the ACLs with those specified in the SDDL string
                  (not valid with /E, /G, /R, /P, or /D).
    /E            Edit ACL instead of replacing it.
    /C            Continue on access denied errors.
    /G user:perm  Grant specified user access rights.
                  Perm can be: R  Read
                               W  Write
                               C  Change (write)
                               F  Full control
    /R user       Revoke specified user's access rights (only valid with /E).
    /P user:perm  Replace specified user's access rights.
                  Perm can be: N  None
                               R  Read
                               W  Write
                               C  Change (write)
                               F  Full control
    /D user       Deny specified user access.
 Wildcards can be used to specify more than one file in a command.
 You can specify more than one user in a command.

 Abbreviations:
    CI - Container Inherit.
         The ACE will be inherited by directories.
    OI - Object Inherit.
         The ACE will be inherited by files.
    IO - Inherit Only.
         The ACE does not apply to the current file/directory.
    ID - Inherited.
         The ACE was inherited from the parent directory's ACL.
0
 

Author Comment

by:Enclave Technologies
ID: 37815863
The above would work for one folder but the problem is this is a server data drive and there are lots of folders that the user has permissions to .I need a command or a cmdlet that will tell me what permissions a particular user has on ALL folders on the data drive.
0
 
LVL 7

Accepted Solution

by:
BelushiLomax earned 1000 total points
ID: 37815905
I guess thats why MS deprecated cacls for icacls. There are others like subinacl or xcacls but that'd be a last resort for me.
You can easily find a powershell or vb script to do this, but Auditing will do it also, you just have to configure it but it's built in to MS Servers.
You may be able to do it thru the File Server Resource Manager, but I havent tried before to set that up there...

I know I can use icacls to traverse all subdirectories and check, set, change perms. Set it to run at the root of the drive  with the /T switch and output to text file.

From icacls command prompt:
 icacls c:\windows\* /save AclFile /T
 - Will save the ACLs for all files under c:\windows
   and its subdirectories to AclFile.

Icacls will perform immediate results (would be my first choice if this is a one off inquiry)
Auditing would be first if this was a long term monitoring situation.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Here's a look at newsworthy articles and community happenings during the last month.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question