Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 99
  • Last Modified:

List ACL

Ive been asked to audit a server with regards to permissions to files and folders, so Ive come up with the idea of using C# to loop through the files and folders and write to a file what permissions each file/folder has.

So looking at the ACL documentation I can use the following code:-
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.AccessControl;
using System.Text;
using System.Threading.Tasks;

namespace ACL
{
    class Program
    {
        static void Main(string[] args) {
            getACLInformation("C:\\Rob\\account.sbd");

        }

        static void getACLInformation(string strFile) {
            FileInfo fInfo = new FileInfo(strFile);
            FileSecurity fSecurity = fInfo.GetAccessControl();
        }
    }
}

Open in new window


However when I look at fSecurity I cannot find out how to get a list of the users/groups and then what permissions they have and if its inherited or not.

Does anyone have any links to documentation or sample code of getting ACL information so I can dump it to a text file for import into a database at a later time for reporting?

Thank you
0
tonelm54
Asked:
tonelm54
1 Solution
 
it_saigeDeveloperCommented:
One of the many reasons why I love extension methods; the following code -
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

namespace EE_Q28579222
{
	class Program
	{
		static void Main(string[] args)
		{
			@"C:\_admin\test.xml".ListFileACLs();
			FileInfo file = new FileInfo(@"C:\_admin\test2.xml");
			file.ListFileACLs();
			Console.ReadLine();
		}
	}

	static class Extensions
	{
		public static void ListDirectoryACLs(this string directory)
		{
			ListDirectoryACLs(new DirectoryInfo(directory));
		}

		public static void ListDirectoryACLs(this DirectoryInfo directory)
		{
			if (directory.Exists)
			{
				DirectorySecurity acls = new DirectorySecurity(directory.FullName, AccessControlSections.Access);
				StringBuilder sb = new StringBuilder();

				sb.AppendFormat("Access Control List for Directory - {0}", directory.FullName).AppendLine();
				foreach (FileSystemAccessRule rule in acls.GetAccessRules(true, true, typeof(NTAccount)))
				{
					sb.AppendFormat("Account:     {0}", rule.IdentityReference.Value).AppendLine();
					sb.AppendFormat("Type:        {0}", rule.AccessControlType).AppendLine();
					sb.AppendFormat("Rights:      {0}", rule.FileSystemRights).AppendLine();
					sb.AppendFormat("Inherited:   {0}", rule.IsInherited).AppendLine();
					sb.AppendFormat("Inheritance: {0}", rule.InheritanceFlags).AppendLine();
					sb.AppendFormat("Propagation: {0}", rule.PropagationFlags).AppendLine();
					sb.AppendLine(new string('-', 25));
				}
				Console.WriteLine(sb.ToString());
			}
		}

		public static void ListFileACLs(this string file)
		{
			ListFileACLs(new FileInfo(file));
		}

		public static void ListFileACLs(this FileInfo file)
		{
			if (file.Exists)
			{
				FileSecurity acls = new FileSecurity(file.FullName, AccessControlSections.Access);
				StringBuilder sb = new StringBuilder();

				sb.AppendFormat("Access Control List for File - {0}", file.FullName).AppendLine();
				foreach (FileSystemAccessRule rule in acls.GetAccessRules(true, true, typeof(NTAccount)))
				{
					sb.AppendFormat("Account:     {0}", rule.IdentityReference.Value).AppendLine();
					sb.AppendFormat("Type:        {0}", rule.AccessControlType).AppendLine();
					sb.AppendFormat("Rights:      {0}", rule.FileSystemRights).AppendLine();
					sb.AppendFormat("Inherited:   {0}", rule.IsInherited).AppendLine();
					sb.AppendFormat("Inheritance: {0}", rule.InheritanceFlags).AppendLine();
					sb.AppendFormat("Propagation: {0}", rule.PropagationFlags).AppendLine();
					sb.AppendLine(new string('-', 25));
				}
				Console.WriteLine(sb.ToString());
			}
		}
	}
}

Open in new window


Provides the following output -Capture.JPG
-saige-
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now