Extract rights on shares files

[tul1]

Extract rights on shares files

Hello all. For arranging the immigrate to AD, I was asked: For each server: Server Name Server Purpose Local groups (if any) and membership - list each group and its purpose if known Shares and associated file rights 3 first items + shares – not a problem through the mmc - export the relevant details to xls. BUT – in the MMC there is no way to see the rights, only by clicking on each folder \ file, and see who has the rights. And we are speaking here about some hundreds files. Do you know any tool that can extract this info, or maybe easiest way to script that? Thanks very much!

 

[antidot]

------>

2 אפשרויות שישר קופצות לי לראש: subinacl:

C:\Documents and Settings\antid0t>subinacl /share \\descartes\netlogon ============================ +Share \\descartes\netlogon ============================ /control=0x0 /audit ace count =0 /perm. ace count =2 /pace =everyone ACCESS_ALLOWED_ACE_TYPE-0x0 Read /pace =builtin\administrators ACCESS_ALLOWED_ACE_TYPE-0x0 Full Control Elapsed Time: 00 00:00:00 Done: 1, Modified 0, Failed 0, Syntax errors 0 Last Done : \\descartes\netlogon​

setacl

C:\Documents and Settings\antid0t>SetACL.exe -on "\\descartes\netlogon" -ot shr -actn list "\\descartes\netlogon",5,"DACL(not_protected):Everyone,read,allow,no_inheritance:BUILTIN\Administrators,full,allow,no_inheritance" SetACL finished successfully.​

אני במקומך הייתי הולך על setacl שיודע לעשות dump של הרשאות לקובץ ואח"כ לשחזר הרשאות מהקובץ, כאשר ניתן במידת הצורך להחליף SID-ים. (לא בדקתי אם subinacl מסוגלת לעשות את זה)

 

[tul1]

Can you help me?

Hi, Thanks for your answer. I choosed to use xcacls.vbs. From some reason, when I type in the command line: cscript.exe c:\xcacls.vbs c:\testfile.txt > c:\output.txt All ok. I can see the results in the output file. But when I script that, I tried both with wshshell.run, wshshell.exce It is not working. See below my script. WHY IT IS Not WORKING???? It does everything OK, but it doesnt create the outpu file!!! WHY???????? I am desperate!!! Plese Help Thanks in advence. =============================================================== dim wshshell Set WshShell = WScript.CreateObject("WScript.Shell") WshShell.exec("cscript.exe f:\ad\floppy\xcacls.vbs f:\ad\floppy\adie.txt > f:\ad\floppy\wsh.txt")

 

[antidot]

------>

הפרמטר של exec לא יכול להכיל redirection לקובץ. בשביל לעקוף את הבעיה עושים את התרגיל הבא:

Const OUTPUT_FILE = "c:\permdump.txt" dim objShell dim objExecObject dim FileSystem dim OutputFile 'Initialize global variables Set FileSystem = WScript.CreateObject("Scripting.FileSystemObject") Set OutPutFile = FileSystem.CreateTextFile(OUTPUT_FILE, True) 'Set oOutputFile = FileSystem.GetFile(OUTPUT_FILE) Set objShell = WScript.CreateObject("WScript.Shell") Set objExecObject = objShell.Exec("cscript.exe C:\Tools\Misc\xcacls.vbs C:\Tools\Misc") Do While Not objExecObject.StdOut.AtEndOfStream OutPutFile.WriteLine objExecObject.StdOut.ReadLine() Loop 'Clean up OutPutFile.Close Set FileSystem = Nothing​

ראה גם קובץ מצורף אם משהו משתבש בקוד. מה שעדיין לא ברור לי זה העובדה שxcacls יתן לך NTFS permissions ולא share permissions שאותם ביקשת בשאלה המקורית (בגלל זה הפנתי ל subinacl ו- setacl).