Solved

Recursive folder search vbscript

Posted on 2016-11-09
7
29 Views
Last Modified: 2016-11-11
Have a script that works fine on a parent folder if i specify an absolute path, i was wondering if there is a way to recurse subfolders as well?

strcomputer = "." 

Set objFSO = CreateObject("Scripting.FileSystemObject") 
objStartFolder = "C:\test" 
Set objFolder = objFSO.GetFolder(objStartFolder) 
WScript.Echo "Root folder Being Enumerated: " & objFolder.Path & vbcrlf 
WScript.Echo "Files Found: " & vbCrLf 
Set colFiles = objFolder.Files 
For Each objFile In colFiles 
intcount = intcount + 1 
 WScript.Echo "   File: " & objFile.Name & vbCrLf 
 WScript.Echo "  Permissions: " & vbcrlf 
  
  
 Call get_Security(objfile,strcomputer) 
Next 
If intcount = 0 Then 
 WScript.Echo "No Files Were Found in " & objstartfolder 
End if 
intcount = 0 
WScript.Echo 
WScript.Echo 

ShowSubfolders objFSO.GetFolder(objStartFolder) 
Sub ShowSubFolders(Folder) 
 For Each Subfolder In Folder.SubFolders 
  WScript.Echo "Sub Folder Name: " & Subfolder.Path 
     
 'Get Security for Folder 
 WScript.Echo "Folder Permissions for: " & subfolder.name & vbcrlf 
  Call get_Security(subfolder,strcomputer) 
   
   
  Set objFolder = objFSO.GetFolder(Subfolder.Path) 
  Set colFiles = objFolder.Files 
  For Each objFile In colFiles 
    IntCountFile = intCountFile + 1 
   
      WScript.Echo "File Permissons for: " & objFile.Name 
     call get_Security(objfile,strcomputer) 
       
  Next 
  
 If intCountFile = 0 Then 
 WScript.Echo "Files: " 
 WScript.Echo subfolder & " Has Zero Files " & vbCrLf & vbcrlf 
 End If 
 intCountFile = 0 
   
  ShowSubFolders Subfolder 
 Next 
End Sub 
  

Sub get_Security(FolderFileValue,strcomputer) 
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2") 
Set objFile = objWMIService.Get("Win32_LogicalFileSecuritySetting='"&FolderFileValue&"'") 
                                                                      
If objFile.GetSecurityDescriptor(objSD) = 0 Then 
WScript.Echo 
Wscript.Echo "Owner: " & objSD.Owner.Name 
Wscript.Echo 
For Each objAce in objSD.DACL 
    Wscript.Echo "Trustee: " & objAce.Trustee.Domain & "\" & objAce.Trustee.Name 
    If objAce.AceType = 0 Then 
        strAceType = "Allowed" 
    Else 
        strAceType = "Denied" 
    End If 
    Wscript.Echo "Ace Type: " & strAceType 
    Wscript.Echo "Ace Flags:" 
    If objAce.AceFlags AND 1 Then 
        Wscript.Echo vbTab & "Child objects that are not containers inherit permissions." 
    End If 
    If objAce.AceFlags AND 2 Then 
        Wscript.Echo vbTab & "Child objects inherit and pass on permissions." 
    End If 
    If objAce.AceFlags AND 4 Then 
        Wscript.Echo vbTab & "Child objects inherit but do not pass on permissions." 
    End If 
    If objAce.AceFlags AND 8 Then 
        Wscript.Echo vbTab & "Object is not affected by but passes on permissions." 
    End If 
    If objAce.AceFlags AND 16 Then 
        Wscript.Echo vbTab & "Permissions have been inherited." 
    End If 
    Wscript.Echo "Access Masks:" 
    If objAce.AccessMask AND 1048576 Then 
        Wscript.Echo vbtab & "Synchronize" 
    End If 
    If objAce.AccessMask AND 524288 Then 
        Wscript.Echo vbtab & "Write owner" 
    End If 
    If objAce.AccessMask AND 262144 Then 
        Wscript.Echo vbtab & "Write ACL" 
    End If 
    If objAce.AccessMask AND 131072 Then 
        Wscript.Echo vbtab & "Read security" 
    End If 
    If objAce.AccessMask AND 65536 Then 
        Wscript.Echo vbtab & "Delete" 
    End If 
    If objAce.AccessMask AND 256 Then 
        Wscript.Echo vbtab & "Write attributes" 
    End If 
    If objAce.AccessMask AND 128 Then 
        Wscript.Echo vbtab & "Read attributes" 
    End If 
    If objAce.AccessMask AND 64 Then 
        Wscript.Echo vbtab & "Delete dir" 
    End If 
    If objAce.AccessMask AND 32 Then 
        Wscript.Echo vbtab & "Execute" 
    End If 
    If objAce.AccessMask AND 16 Then 
        Wscript.Echo vbtab & "Write extended attributes" 
    End If 
    If objAce.AccessMask AND 8 Then 
        Wscript.Echo vbtab & "Read extended attributes" 
    End If 
    If objAce.AccessMask AND 4 Then 
        Wscript.Echo vbtab & "Append" 
    End If 
    If objAce.AccessMask AND 2 Then 
        Wscript.Echo vbtab & "Write" 
    End If 
    If objAce.AccessMask AND 1 Then 
        Wscript.Echo vbtab & "Read" 
    End If 
    Wscript.Echo 
    Wscript.Echo 
Next 
End If 
  

End Sub 

Open in new window

0
Comment
Question by:leadtheway
  • 4
  • 3
7 Comments
 
LVL 51

Expert Comment

by:Bill Prew
ID: 41881315
I'm confused on what the question is, the script you showed already seems to drill down into all subfolders in the folder tree of the parent folder.  Can you explain further the problem you are having or what you need to add to this?

~bp
0
 
LVL 1

Author Comment

by:leadtheway
ID: 41882350
its not recursing folders, and its doing all the files as well, i just want parent and child objects if the permissions differ from parent, attached is what i'm getting, but it seems once it completes the root folder it errors instead of recursing.  i get the following error:llpathscript.vbs(57, 1) SWbemServicesEx: Invalid object path
output.txt
0
 
LVL 51

Expert Comment

by:Bill Prew
ID: 41882430
It certainly seems to be recursing into subfolders, I see the following in the output file:

  2202 1:Sub Folder Name: E:\Share\.TemporaryItems
  2367 1:Sub Folder Name: E:\Share\.TemporaryItems\folders.1686636526
  2532 1:Sub Folder Name: E:\Share\.TemporaryItems\folders.502
  2697 1:Sub Folder Name: E:\Share\.Trashes
  2862 1:Sub Folder Name: E:\Share\.Trashes\0
  3027 1:Sub Folder Name: E:\Share\.Trashes\1686636526
  3498 1:Sub Folder Name: E:\Share\Accounting
  5808 1:Sub Folder Name: E:\Share\Accounting\2016 SOC 1 Audit
  6336 1:Sub Folder Name: E:\Share\Accounting\2016 SOC 1 Audit\6A
  15264 1:Sub Folder Name: E:\Share\Accounting\2016 SOC 1 Audit\6B
  22032 1:Sub Folder Name: E:\Share\Accounting\2016 SOC 1 Audit\A3
  28800 1:Sub Folder Name: E:\Share\Accounting\2016 SOC 1 Audit\A5

Open in new window

~bp
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 1

Author Comment

by:leadtheway
ID: 41882769
Yeah i see its recursing the first folder, but not all the way through and not the rest of the folders, plus that error might be breaking it,
0
 
LVL 51

Accepted Solution

by:
Bill Prew earned 500 total points
ID: 41882937
Give this a try, it will trap errors on that statement and report them when found and return gracefully from the subroutine for that file.  Seems to allow the rest of the files to be reported on.  Search the output for "*ERROR*" to see the trapped errors.

strcomputer = "."

Set objFSO = CreateObject("Scripting.FileSystemObject")
objStartFolder = "C:\test"
Set objFolder = objFSO.GetFolder(objStartFolder)
WScript.Echo "Root folder Being Enumerated: " & objFolder.Path & vbcrlf
WScript.Echo "Files Found: " & vbCrLf
Set colFiles = objFolder.Files
For Each objFile In colFiles
    intcount = intcount + 1
    WScript.Echo "   File: " & objFile.Name & vbCrLf
    WScript.Echo "  Permissions: " & vbcrlf
    Call get_Security(objfile, strcomputer)
Next
If intcount = 0 Then
    WScript.Echo "No Files Were Found in " & objstartfolder
End If
intcount = 0
WScript.Echo
WScript.Echo

ShowSubfolders objFSO.GetFolder(objStartFolder)
Sub ShowSubFolders(Folder)
    For Each Subfolder In Folder.SubFolders
        WScript.Echo "Sub Folder Name: " & Subfolder.Path

        'Get Security for Folder 
        WScript.Echo "Folder Permissions for: " & subfolder.name & vbcrlf
        Call get_Security(subfolder, strcomputer)

        Set objFolder = objFSO.GetFolder(Subfolder.Path)
        Set colFiles = objFolder.Files
        For Each objFile In colFiles
            IntCountFile = intCountFile + 1
            WScript.Echo "File Permissons for: " & objFile.Name
            Call get_Security(objfile, strcomputer)
        Next

        If intCountFile = 0 Then
            WScript.Echo "Files: "
            WScript.Echo subfolder & " Has Zero Files " & vbCrLf & vbcrlf
        End If
        intCountFile = 0

        ShowSubFolders Subfolder
    Next
End Sub


Sub get_Security(FolderFileValue, strcomputer)

    On Error Resume Next

    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
    Set objFile = objWMIService.Get("Win32_LogicalFileSecuritySetting='" & FolderFileValue & "'")
    If Err.Number <> 0 Then 
        Wscript.Echo "*ERROR* Err.Number & " - " & Err.Description & " - on file : " & FolderFileValue
        On Error Goto 0
        Exit Sub 
    End If

    On Error Goto 0

    If objFile.GetSecurityDescriptor(objSD) = 0 Then
        WScript.Echo
        Wscript.Echo "Owner: " & objSD.Owner.Name
        Wscript.Echo
        For Each objAce In objSD.DACL
            Wscript.Echo "Trustee: " & objAce.Trustee.Domain & "\" & objAce.Trustee.Name
            If objAce.AceType = 0 Then
                strAceType = "Allowed"
            Else
                strAceType = "Denied"
            End If
            Wscript.Echo "Ace Type: " & strAceType
            Wscript.Echo "Ace Flags:"
            If objAce.AceFlags And 1 Then
                Wscript.Echo vbTab & "Child objects that are not containers inherit permissions."
            End If
            If objAce.AceFlags And 2 Then
                Wscript.Echo vbTab & "Child objects inherit and pass on permissions."
            End If
            If objAce.AceFlags And 4 Then
                Wscript.Echo vbTab & "Child objects inherit but do not pass on permissions."
            End If
            If objAce.AceFlags And 8 Then
                Wscript.Echo vbTab & "Object is not affected by but passes on permissions."
            End If
            If objAce.AceFlags And 16 Then
                Wscript.Echo vbTab & "Permissions have been inherited."
            End If
            Wscript.Echo "Access Masks:"
            If objAce.AccessMask And 1048576 Then
                Wscript.Echo vbtab & "Synchronize"
            End If
            If objAce.AccessMask And 524288 Then
                Wscript.Echo vbtab & "Write owner"
            End If
            If objAce.AccessMask And 262144 Then
                Wscript.Echo vbtab & "Write ACL"
            End If
            If objAce.AccessMask And 131072 Then
                Wscript.Echo vbtab & "Read security"
            End If
            If objAce.AccessMask And 65536 Then
                Wscript.Echo vbtab & "Delete"
            End If
            If objAce.AccessMask And 256 Then
                Wscript.Echo vbtab & "Write attributes"
            End If
            If objAce.AccessMask And 128 Then
                Wscript.Echo vbtab & "Read attributes"
            End If
            If objAce.AccessMask And 64 Then
                Wscript.Echo vbtab & "Delete dir"
            End If
            If objAce.AccessMask And 32 Then
                Wscript.Echo vbtab & "Execute"
            End If
            If objAce.AccessMask And 16 Then
                Wscript.Echo vbtab & "Write extended attributes"
            End If
            If objAce.AccessMask And 8 Then
                Wscript.Echo vbtab & "Read extended attributes"
            End If
            If objAce.AccessMask And 4 Then
                Wscript.Echo vbtab & "Append"
            End If
            If objAce.AccessMask And 2 Then
                Wscript.Echo vbtab & "Write"
            End If
            If objAce.AccessMask And 1 Then
                Wscript.Echo vbtab & "Read"
            End If
            Wscript.Echo
            Wscript.Echo
        Next
    End If

End Sub

Open in new window

~bp
1
 
LVL 51

Expert Comment

by:Bill Prew
ID: 41882941
There are also different ways to enumerate the flag values, take a look at the dictionary technique in this example, makes the executing code go a little cleaner to read and *may* execute a little faster.

http://www.indented.co.uk/2009/02/19/reading-ntfs-and-share-security-with-vbscript/

~bp
1
 
LVL 1

Author Closing Comment

by:leadtheway
ID: 41884016
Thanks for the assist!
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

In this tutorial I will show you how to make a simple HTML bar chart with the usage of WhizBase, If you want more information about WhizBase please read my previous articles at http://www.experts-exchange.com/ARTH_5123186.html (http://www.experts-ex…
I hope you'll find this tutorial useful and interesting. So let's try to extend Tcl with a new package.  For anyone more deeply interested please check out the book "Practical Programming in Tcl and Tk". It's really one of the best written books abo…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now