Is there a way to read and display file permissions? 
Author Message
 Is there a way to read and display file permissions?

Hi,

I'm trying to write a wsh script to read and display who has what
permissions on a specific file.  Is there a way to do this?

Thanks,
Vijai



Tue, 02 Aug 2005 00:12:26 GMT  
 Is there a way to read and display file permissions?
By calling the properties of a file, you already change the properties.

There is no native way to 'inherit' or determine the 'faith' of a file under
Windows.

 There was a drag and rename thing under 3.11 for the directory.

Now with registry and hex-mess, over.


Quote:
> Hi,

> I'm trying to write a wsh script to read and display who has what
> permissions on a specific file.  Is there a way to do this?

> Thanks,
> Vijai



Wed, 03 Aug 2005 17:19:47 GMT  
 Is there a way to read and display file permissions?

Quote:

> I'm trying to write a wsh script to read and display who has what
> permissions on a specific file.  Is there a way to do this?

Hi

You could parse the output of cacls.exe:

C:\>cacls
Displays or modifies access control lists (ACLs) of files
...

To redirect the output from cacls to a file (c:\logs\cacls.txt):

sFile = "j:\test\somefile.doc"
Set oShell = CreateObject("WScript.Shell")
oShell.Run "%comspec% /c cacls.exe " & sFile & " >c:\logs\cacls.txt", 0 , True

--
torgeir
Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and a ONLINE version of the 1328 page
Scripting Guide: http://www.microsoft.com/technet/scriptcenter



Thu, 04 Aug 2005 02:58:52 GMT  
 Is there a way to read and display file permissions?


Quote:
> Hi,

> I'm trying to write a wsh script to read and display who has what
> permissions on a specific file.  Is there a way to do this?

It can be done completely with WSH, but it is not an approach for the
faint-hearted!

First, you need to get and register a dll called ADsSecurity.dll. Sorry, I
forget exactly where this can be found, but a google search will probably
find it. This site gives a bit of background on this:

    http://isg.ee.ethz.ch/tools/realmen/det/dacl.en.html

My script below accumulates the ACLS for any files and or folders dropped
onto it (or onto a shortcut to it). After you have finished dragging files
onto it, double-click on it and it will display the results in an excel
spreadsheet. If you do not have excel installed, substitute notepad or the
executable of your choice. Remember to save the file somewhere, as it will
be deleted when you close excel (or notepad) in preparation for the next
bunch of files you might want to drag onto it.

What is displayed is significantly more complex than what you see in any of
the related security tabs (remember the phrase "not for the faint-hearted).
Once you use it on a couple of files whose permissions you know, you will
soon recognize which bits indicate full/modify/read-only. But if you are
more interested in the whom than the how, all of the permittees will be
displayed.

Of course, if your files and folders are permitted to groups rather than to
individuals (as is considered standard practice), you will still need to
enumerate these groups (and any nested groups) to find the answer to your
question: "Exactly *who* has access to this file?"

/Al

'''''' cut here '''''''''
option explicit

' drag-n-drop files onto this script to display their acls [A.Dunbar]

Const ForWriting = 2
Const ForAppending = 8
const outfile = "C:\aclsdrop.txt"
dim objArgs, sec, i, msgtotal
dim singleArg
Dim fso, ts
Set fso = CreateObject( "Scripting.FileSystemObject" )

dim WSO : Set WSO = WScript.CreateObject("WScript.Shell")
set sec = createobject( "ADsSecurity" )

Set objArgs = WScript.Arguments
if objArgs.Count = 0 then

 if fso.fileexists( outfile ) then
  WSO.Run "excel.exe " & outfile, ,true
  fso.deletefile outfile
 else
  msgbox "Drag and drop files and folders and then double-click"
 end if

else
 if fso.fileexists(outfile) then
  Set ts = fso.OpenTextFile( outfile, ForAppending, True )
 else
  Set ts = fso.OpenTextFile( outfile, ForAppending, True )
  ts.writeline "" _
   & "seq.no." _
   & vbtab & "flags" _
   & vbtab & "acetype" _
   & vbtab & "aceflgs" _
   & vbtab & "accessmask" _
   & vbtab & "trustee" _
   & vbtab & "File" _
   & vbtab & "owner" _
   & vbtab & "size" _
   & vbtab & "date" _
   & ""
 end if

 msgtotal = ""
 For I = 0 to objArgs.Count - 1
  msgtotal = msgtotal & showACLS( objArgs(I) )
 Next

 ts.write msgtotal
 ts.close

end if

set sec = nothing
set fso = nothing
set WSO = nothing
set ts = nothing

wscript.Quit

function showACLS( argpathname )

 dim count, msg, sd, dacl, ace, ahex, ffsize, ffdate

 count = 0
 msg = ""

 if fso.fileexists(argpathname) then
  with fso.getfile(argpathname)
   ffsize = .size
   ffdate = .datelastmodified
  end with
 elseif fso.folderexists(argpathname) then
  with fso.getfolder(argpathname)
   ffsize = "folder"
   ffdate = .datelastmodified
  end with
 else
  ffdate = "nofile"
  ffdate = "nofile"
 end if

 set sd = sec.getsecuritydescriptor("FILE://" & argpathname )
 set dacl = sd.discretionaryacl

 for each ace in dacl
  count = count + 1
  ahex = "00000000" & hex(ace.accessmask)
  ahex = right( ahex, 8 )

'   msg = msg & vbnewline & count & vbtab _
'    & ace.flags & vbtab & ace.aceflags & vbtab & ace.acetype _
'    & vbtab & ahex & vbtab & ace.trustee

  msg = msg & "" _
   & count _
   & vbtab & ace.flags _
   & vbtab & ace.acetype _
   & vbtab & ace.aceflags _
   & vbtab & ahex _
   & vbtab & ace.trustee _
   & vbtab & argpathname _
   & vbtab & sd.owner _
   & vbtab & ffsize _
   & vbtab & ffdate _
   & vbnewline

 next
 showACLS = msg
end function

'''''' cut here '''''''''



Fri, 12 Aug 2005 08:02:29 GMT  
 Is there a way to read and display file permissions?

Quote:

> It can be done completely with WSH, but it is not an approach for the
> faint-hearted!

> First, you need to get and register a dll called ADsSecurity.dll. Sorry, I
> forget exactly where this can be found, but a google search will probably
> find it.

Hi

An old version (that has bugs) is to be found in the ADSI 2.5 SDK download. The
latest bug-fixed version is not available as a download from MS, but Max L.
Vaughn (MS) has posted a zip file called DLLs.ZIP a couple of times the last
month in the microsoft.public.adsi.general group. I will repost it here in a
parallel post to this one.

--
torgeir
Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and a ONLINE version of the 1328 page
Scripting Guide: http://www.microsoft.com/technet/scriptcenter



Fri, 12 Aug 2005 19:10:40 GMT  
 
 [ 5 post ] 

 Relevant Pages 

1. ways to convert a jpg file to eps file

2. Read permissions on Files and Folders

3. Read directory/file permission

4. Creating File with Read/Write Permissions

5. Time function, displaying AM PM

6. possible ways to download remote files..

7. How read NT NTFS Permissions via ASP, Active Server Pages?, pcumming

8. read permissions for .WriteLine

9. Reading folder permission

10. Read security permissions (NTFS)

11. Reading Share and NTFS Permissions

12. read permissions for .WriteLine

 

 
Powered by phpBB® Forum Software