
Is there a way to read and display file permissions?
Quote:
> Hi,
> I'm trying to write a wsh script to read and display who has what
> permissions on a specific file. Is there a way to do this?
It can be done completely with WSH, but it is not an approach for the
faint-hearted!
First, you need to get and register a DLL called ADsSecurity.dll. Sorry, I
forget exactly where this can be found, but a Google search will probably
find it. This site gives a bit of background on this:
http://isg.ee.ethz.ch/tools/realmen/det/dacl.en.html
My script below accumulates the ACLs for any files and/or folders dropped
onto it (or onto a shortcut to it). After you have finished dragging files
onto it, double-click on it and it will display the results in an Excel
spreadsheet. If you do not have Excel installed, substitute Notepad or the
executable of your choice. Remember to save the file somewhere, as it will
be deleted when you close Excel (or Notepad) in preparation for the next
bunch of files you might want to drag onto it.
What is displayed is significantly more complex than what you see in any of
the related security tabs (remember the phrase "not for the faint-hearted").
Once you use it on a couple of files whose permissions you know, you will
soon recognize which bits indicate full/modify/read-only. But if you are
more interested in the whom than the how, all of the permittees will be
displayed.
Of course, if your files and folders are permitted to groups rather than to
individuals (as is considered standard practice), you will still need to
enumerate these groups (and any nested groups) to find the answer to your
question: "Exactly *who* has access to this file?"
/Al
'''''' cut here '''''''''
option explicit
' drag-n-drop files onto this script to display their acls [A.Dunbar]
Const ForWriting = 2
Const ForAppending = 8
const outfile = "C:\aclsdrop.txt"
dim objArgs, sec, i, msgtotal
dim singleArg
Dim fso, ts
Set fso = CreateObject( "Scripting.FileSystemObject" )
dim WSO : Set WSO = WScript.CreateObject("WScript.Shell")
' ADsSecurity.dll must be registered for this ProgID to resolve
set sec = createobject( "ADsSecurity" )
Set objArgs = WScript.Arguments
if objArgs.Count = 0 then
    ' double-clicked with no arguments: show accumulated results, then delete them
    if fso.fileexists( outfile ) then
        WSO.Run "excel.exe " & outfile, ,true
        fso.deletefile outfile
    else
        msgbox "Drag and drop files and folders and then double-click"
    end if
else
    ' files/folders were dropped: append their ACEs to the output file
    if fso.fileexists(outfile) then
        Set ts = fso.OpenTextFile( outfile, ForAppending, True )
    else
        ' new output file: write the tab-separated header row first
        Set ts = fso.OpenTextFile( outfile, ForAppending, True )
        ts.writeline "" _
            & "seq.no." _
            & vbtab & "flags" _
            & vbtab & "acetype" _
            & vbtab & "aceflgs" _
            & vbtab & "accessmask" _
            & vbtab & "trustee" _
            & vbtab & "File" _
            & vbtab & "owner" _
            & vbtab & "size" _
            & vbtab & "date" _
            & ""
    end if
    msgtotal = ""
    For I = 0 to objArgs.Count - 1
        msgtotal = msgtotal & showACLS( objArgs(I) )
    Next
    ts.write msgtotal
    ts.close
end if
set sec = nothing
set fso = nothing
set WSO = nothing
set ts = nothing
wscript.Quit

' returns one tab-separated line per ACE in the DACL of argpathname
function showACLS( argpathname )
    dim count, msg, sd, dacl, ace, ahex, ffsize, ffdate
    count = 0
    msg = ""
    if fso.fileexists(argpathname) then
        with fso.getfile(argpathname)
            ffsize = .size
            ffdate = .datelastmodified
        end with
    elseif fso.folderexists(argpathname) then
        with fso.getfolder(argpathname)
            ffsize = "folder"
            ffdate = .datelastmodified
        end with
    else
        ffsize = "nofile"
        ffdate = "nofile"
    end if
    set sd = sec.getsecuritydescriptor("FILE://" & argpathname )
    set dacl = sd.discretionaryacl
    for each ace in dacl
        count = count + 1
        ' access mask as 8 zero-padded hex digits
        ahex = "00000000" & hex(ace.accessmask)
        ahex = right( ahex, 8 )
        ' msg = msg & vbnewline & count & vbtab _
        ' & ace.flags & vbtab & ace.aceflags & vbtab & ace.acetype _
        ' & vbtab & ahex & vbtab & ace.trustee
        msg = msg & "" _
            & count _
            & vbtab & ace.flags _
            & vbtab & ace.acetype _
            & vbtab & ace.aceflags _
            & vbtab & ahex _
            & vbtab & ace.trustee _
            & vbtab & argpathname _
            & vbtab & sd.owner _
            & vbtab & ffsize _
            & vbtab & ffdate _
            & vbnewline
    next
    showACLS = msg
end function
'''''' cut here '''''''''
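
The post above leaves the accessmask and aceflgs columns as raw numbers to be recognized by eye. The following is an added example, not part of the original poster's script, that names those bits using the standard Windows file access-right and ACE-flag values; the function names (NameBits, DecodeMask, DecodeAceFlags) and the sample values at the end are constructed for illustration.

```vbscript
Option Explicit
' Added example, not part of the original script. Names the bits of the
' accessmask and aceflags values that showACLS writes out as raw numbers.
' Constant values are the standard Windows (winnt.h) definitions.
Function NameBits(value, bits, names)
    Dim i, rest, out
    out = "" : rest = value
    For i = 0 To UBound(bits)
        If (value And bits(i)) <> 0 Then
            out = out & names(i) & " "
            rest = rest And Not bits(i)      ' track bits not yet named
        End If
    Next
    If rest <> 0 Then out = out & "other=0x" & Hex(rest)
    NameBits = Trim(out)
End Function

Function DecodeMask(mask)
    ' Exact composite masks first, as the Security tab groups them.
    Select Case mask
        Case &H1F01FF : DecodeMask = "Full control"
        Case &H1301BF : DecodeMask = "Modify"
        Case &H1200A9 : DecodeMask = "Read & execute"
        Case &H120089 : DecodeMask = "Read"
        Case Else
            DecodeMask = NameBits(mask, _
                Array(&H1, &H2, &H4, &H8, &H10, &H20, &H40, &H80, &H100, _
                      &H10000, &H20000, &H40000, &H80000, &H100000, _
                      &H10000000, &H20000000, &H40000000, &H80000000), _
                Array("READ_DATA", "WRITE_DATA", "APPEND_DATA", "READ_EA", _
                      "WRITE_EA", "EXECUTE", "DELETE_CHILD", "READ_ATTR", _
                      "WRITE_ATTR", "DELETE", "READ_CONTROL", "WRITE_DAC", _
                      "WRITE_OWNER", "SYNCHRONIZE", "GENERIC_ALL", _
                      "GENERIC_EXECUTE", "GENERIC_WRITE", "GENERIC_READ"))
    End Select
End Function

Function DecodeAceFlags(f)
    DecodeAceFlags = NameBits(f, Array(&H1, &H2, &H4, &H8, &H10), _
        Array("OBJECT_INHERIT", "CONTAINER_INHERIT", "NO_PROPAGATE", _
              "INHERIT_ONLY", "INHERITED"))
End Function

' Constructed sample values; run with cscript.exe to see the output.
Dim m
For Each m In Array(&H1F01FF, &H1200A9, &H100116, &H10000000)
    WScript.Echo Right("00000000" & Hex(m), 8) & " = " & DecodeMask(m)
Next
WScript.Echo "aceflags 19 = " & DecodeAceFlags(19)
```

Inside showACLS the same functions can be called as DecodeMask(ace.accessmask) and DecodeAceFlags(ace.aceflags) to add readable columns next to the raw ones.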