Hi, I'm writing a script which writes the ACL of folders to a file.
This work fine however there are folders that show deleted groups in the ACL.
In the file you only see blanc's where domain and groups should have been
displayed.
Is there a way to "show" the deleted folder (it shows on ACL as S-1)
see the script below.
kind regards,
Thijs
Dim Tekst
On Error Resume Next
'versie 4 voor MS001
Const ForReading = 1, ForWriting = 2, ForAppending = 8
Set filesys = CreateObject("Scripting.FileSystemObject")
Set FileTXT=FileSYS.GetFile("MS001-folder-ACL.txt")
Datum = FileTXT.DateLastModified
Jaar = DatePart("yyyy", Datum)
Maand = DatePart("m", Datum)
Dag = DatePart("d", Datum)
FileSYS.MoveFile "MS001-folder-ACL.txt", Jaar & "-" & Maand & "-" & Dag &
"-" & "MS001-folder-ACL.txt"
Set filetxt = filesys.OpenTextFile("1st_level.txt", ForAppending, True)
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colSubfolders = objWMIService.ExecQuery _
("Associators of {Win32_Directory.Name='E:\project'} " _
& "Where AssocClass = Win32_Subdirectory " _
& "ResultRole = PartComponent")
For Each objFolder In colSubfolders
filetxt.WriteLine(objFolder.Name)
Next
filetxt.close
Set filetxt = filesys.OpenTextFile("1st_level.txt", ForReading, True)
' -----------
Set filetxt = filesys.OpenTextFile("1st_level.txt", ForReading, True)
Set filetxt3 = filesys.OpenTextFile("MS001-folder-ACL.txt", ForAppending,
True)
SE_DACL_PRESENT = &h4
ACCESS_ALLOWED_ACE_TYPE = &h0
ACCESS_DENIED_ACE_TYPE = &h1
FILE_ALL_ACCESS = &h1f01ff
FOLDER_ADD_SUBDIRECTORY = &h000004
FILE_DELETE = &h010000
FILE_DELETE_CHILD = &h000040
FOLDER_TRAVERSE = &h000020
FILE_READ_ATTRIBUTES = &h000080
FILE_READ_CONTROL = &h020000
FOLDER_LIST_DIRECTORY = &h000001
FILE_READ_EA = &h000008
FILE_SYNCHRONIZE = &h100000
FILE_WRITE_ATTRIBUTES = &h000100
FILE_WRITE_DAC = &h040000
FOLDER_ADD_FILE = &h000002
FILE_WRITE_EA = &h000010
FILE_WRITE_OWNER = &h080000
FileTxt3.WriteLine("Foldername" & vbtab & "Domain" & vbtab & "Security
Group" & vbtab & "Permissions" & vbtab & "Cumulatief")
While Not filetxt.AtEndOfStream
strFolderName = filetxt.readline
Set objWMIService = GetObject("winmgmts:")
Set objFolderSecuritySettings = _
objWMIService.Get("Win32_LogicalFileSecuritySetting='" & strFolderName & "'")
intRetVal = objFolderSecuritySettings.GetSecurityDescriptor(objSD)
intControlFlags = objSD.ControlFlags
If intControlFlags AND SE_DACL_PRESENT Then
arrACEs = objSD.DACL
For Each objACE in arrACEs
'filetxt3.WriteLine(strFolderName & ";" & objACE.Trustee.Domain & "\" &
objACE.Trustee.Name)
If objACE.AceType = ACCESS_ALLOWED_ACE_TYPE Then
'filetxt3.WriteLine(strFolderName & ";" & objACE.Trustee.Domain & "\" &
objACE.Trustee.Name & ";Allowed:")
ElseIf objACE.AceType = ACCESS_DENIED_ACE_TYPE Then
'filetxt3.WriteLine(strFolderName & ";" & objACE.Trustee.Domain & "\" &
objACE.Trustee.Name & ";Denied:")
End If
If objACE.AccessMask AND FILE_ALL_ACCESS Then
Result=Result + FILE_ALL_ACCESS
End If
If objACE.AccessMask AND FOLDER_ADD_SUBDIRECTORY Then
Result=Result + FOLDER_ADD_SUBDIRECTORY
End If
If objACE.AccessMask AND FILE_DELETE Then
Result=Result + FILE_DELETE
End If
If objACE.AccessMask AND FILE_DELETE_CHILD Then
Result=Result + FILE_DELETE_CHILD
End If
If objACE.AccessMask AND FOLDER_TRAVERSE Then
Result=Result + FOLDER_TRAVERSE
End If
If objACE.AccessMask AND FILE_READ_ATTRIBUTES Then
Result=Result + FILE_READ_ATTRIBUTES
End If
If objACE.AccessMask AND FILE_READ_CONTROL Then
Result=Result + FILE_READ_CONTROL
End If
If objACE.AccessMask AND FOLDER_LIST_DIRECTORY Then
Result=Result + FOLDER_LIST_DIRECTORY
End If
If objACE.AccessMask AND FILE_READ_EA Then
Result=Result + FILE_READ_EA
End If
If objACE.AccessMask AND FILE_SYNCHRONIZE Then
Result=Result + FILE_SYNCHRONIZE
End If
If objACE.AccessMask AND FILE_WRITE_ATTRIBUTES Then
Result=Result + FILE_WRITE_ATTRIBUTES
End If
If objACE.AccessMask AND FILE_WRITE_DAC Then
Result=Result + FILE_WRITE_DAC
End If
If objACE.AccessMask AND FOLDER_ADD_FILE Then
Result=Result + FOLDER_ADD_FILE
End If
If objACE.AccessMask AND FILE_WRITE_EA Then
Result=Result + FILE_WRITE_EA
End If
If objACE.AccessMask AND FILE_WRITE_OWNER Then
Result=Result + FILE_WRITE_OWNER
End If
strcheckname=objAce.Trustee.sid
WScript.Echo strcheckName &vbTab& objace.trustee.sid
If strcheckname = "" Then
strname= "Deleted"
Else
strname=objAce.Trustee.name
End If
Select Case Result
Case 3211944
filetxt3.WriteLine (strFolderName & vbTab & objACE.Trustee.Domain
& vbTab & objACE.Trustee.Name & vbTab & "Read&Execute" & vbTab & Result)
Case 3277758
filetxt3.WriteLine (strFolderName & vbTab & objACE.Trustee.Domain
& vbTab & objACE.Trustee.Name & vbTab & "Modify" & vbTab & Result)
Case 4064254
filetxt3.WriteLine (strFolderName & vbTab & objACE.Trustee.Domain
& vbTab & objACE.Trustee.Name & vbTab & "Full Control" & vbTab & Result)
Case Else
filetxt3.WriteLine (strFolderName & vbTab & objACE.Trustee.Domain
& vbTab & objACE.Trustee.Name & vbTab & "Special Permissions" & vbTab &
Result)
End Select
Next
Else
WScript.Echo "No DACL present in security descriptor"
End If
Wend
filetxt.Close
filetxt2.Close
filetxt3.Close
WScript.Echo "Done"
filesys.DeleteFile("1st_level.txt")
ACL and deleted groups
- 21 May 2008 #1
Thijs GuestMy System SpecsACL and deleted groups
- 21 May 2008 #2
Allan GuestMy System SpecsRe: ACL and deleted groups
I find using fileacl works better than a script that complicated.
Try this:
http://www.microsoft.com/downloads/d...displaylang=en
Thanks,
Allan
"Thijs" <Thijs@xxxxxx> wrote in message
news:491135F3-C5EA-48BD-9BB8-748E9C83E756@xxxxxx
> Hi, I'm writing a script which writes the ACL of folders to a file.
> This work fine however there are folders that show deleted groups in the
> ACL.
> In the file you only see blanc's where domain and groups should have been
> displayed.
>
> Is there a way to "show" the deleted folder (it shows on ACL as S-1)
>
> see the script below.
>
> kind regards,
>
> Thijs
>
> Dim Tekst
> On Error Resume Next
>
> 'versie 4 voor MS001
>
> Const ForReading = 1, ForWriting = 2, ForAppending = 8
> Set filesys = CreateObject("Scripting.FileSystemObject")
>
> Set FileTXT=FileSYS.GetFile("MS001-folder-ACL.txt")
> Datum = FileTXT.DateLastModified
> Jaar = DatePart("yyyy", Datum)
> Maand = DatePart("m", Datum)
> Dag = DatePart("d", Datum)
> FileSYS.MoveFile "MS001-folder-ACL.txt", Jaar & "-" & Maand & "-" & Dag &
> "-" & "MS001-folder-ACL.txt"
>
> Set filetxt = filesys.OpenTextFile("1st_level.txt", ForAppending, True)
>
> strComputer = "."
>
> Set objWMIService = GetObject("winmgmts:" _
> & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
>
> Set colSubfolders = objWMIService.ExecQuery _
> ("Associators of {Win32_Directory.Name='E:\project'} " _
> & "Where AssocClass = Win32_Subdirectory " _
> & "ResultRole = PartComponent")
>
> For Each objFolder In colSubfolders
> filetxt.WriteLine(objFolder.Name)
> Next
>
> filetxt.close
>
> Set filetxt = filesys.OpenTextFile("1st_level.txt", ForReading, True)
>
> ' -----------
> Set filetxt = filesys.OpenTextFile("1st_level.txt", ForReading, True)
> Set filetxt3 = filesys.OpenTextFile("MS001-folder-ACL.txt", ForAppending,
> True)
>
> SE_DACL_PRESENT = &h4
> ACCESS_ALLOWED_ACE_TYPE = &h0
> ACCESS_DENIED_ACE_TYPE = &h1
>
> FILE_ALL_ACCESS = &h1f01ff
> FOLDER_ADD_SUBDIRECTORY = &h000004
> FILE_DELETE = &h010000
> FILE_DELETE_CHILD = &h000040
> FOLDER_TRAVERSE = &h000020
> FILE_READ_ATTRIBUTES = &h000080
> FILE_READ_CONTROL = &h020000
> FOLDER_LIST_DIRECTORY = &h000001
> FILE_READ_EA = &h000008
> FILE_SYNCHRONIZE = &h100000
> FILE_WRITE_ATTRIBUTES = &h000100
> FILE_WRITE_DAC = &h040000
> FOLDER_ADD_FILE = &h000002
> FILE_WRITE_EA = &h000010
> FILE_WRITE_OWNER = &h080000
>
> FileTxt3.WriteLine("Foldername" & vbtab & "Domain" & vbtab & "Security
> Group" & vbtab & "Permissions" & vbtab & "Cumulatief")
>
> While Not filetxt.AtEndOfStream
> strFolderName = filetxt.readline
>
> Set objWMIService = GetObject("winmgmts:")
> Set objFolderSecuritySettings = _
> objWMIService.Get("Win32_LogicalFileSecuritySetting='" & strFolderName &
> "'")
> intRetVal = objFolderSecuritySettings.GetSecurityDescriptor(objSD)
>
> intControlFlags = objSD.ControlFlags
> If intControlFlags AND SE_DACL_PRESENT Then
> arrACEs = objSD.DACL
> For Each objACE in arrACEs
> 'filetxt3.WriteLine(strFolderName & ";" & objACE.Trustee.Domain & "\" &
> objACE.Trustee.Name)
> If objACE.AceType = ACCESS_ALLOWED_ACE_TYPE Then
> 'filetxt3.WriteLine(strFolderName & ";" & objACE.Trustee.Domain & "\" &
> objACE.Trustee.Name & ";Allowed:")
> ElseIf objACE.AceType = ACCESS_DENIED_ACE_TYPE Then
> 'filetxt3.WriteLine(strFolderName & ";" & objACE.Trustee.Domain & "\" &
> objACE.Trustee.Name & ";Denied:")
> End If
> If objACE.AccessMask AND FILE_ALL_ACCESS Then
> Result=Result + FILE_ALL_ACCESS
> End If
> If objACE.AccessMask AND FOLDER_ADD_SUBDIRECTORY Then
> Result=Result + FOLDER_ADD_SUBDIRECTORY
> End If
> If objACE.AccessMask AND FILE_DELETE Then
> Result=Result + FILE_DELETE
> End If
> If objACE.AccessMask AND FILE_DELETE_CHILD Then
> Result=Result + FILE_DELETE_CHILD
> End If
> If objACE.AccessMask AND FOLDER_TRAVERSE Then
> Result=Result + FOLDER_TRAVERSE
> End If
> If objACE.AccessMask AND FILE_READ_ATTRIBUTES Then
> Result=Result + FILE_READ_ATTRIBUTES
> End If
> If objACE.AccessMask AND FILE_READ_CONTROL Then
> Result=Result + FILE_READ_CONTROL
> End If
> If objACE.AccessMask AND FOLDER_LIST_DIRECTORY Then
> Result=Result + FOLDER_LIST_DIRECTORY
> End If
> If objACE.AccessMask AND FILE_READ_EA Then
> Result=Result + FILE_READ_EA
> End If
> If objACE.AccessMask AND FILE_SYNCHRONIZE Then
> Result=Result + FILE_SYNCHRONIZE
> End If
> If objACE.AccessMask AND FILE_WRITE_ATTRIBUTES Then
> Result=Result + FILE_WRITE_ATTRIBUTES
> End If
> If objACE.AccessMask AND FILE_WRITE_DAC Then
> Result=Result + FILE_WRITE_DAC
> End If
> If objACE.AccessMask AND FOLDER_ADD_FILE Then
> Result=Result + FOLDER_ADD_FILE
> End If
> If objACE.AccessMask AND FILE_WRITE_EA Then
> Result=Result + FILE_WRITE_EA
> End If
> If objACE.AccessMask AND FILE_WRITE_OWNER Then
> Result=Result + FILE_WRITE_OWNER
> End If
> strcheckname=objAce.Trustee.sid
> WScript.Echo strcheckName &vbTab& objace.trustee.sid
> If strcheckname = "" Then
> strname= "Deleted"
> Else
> strname=objAce.Trustee.name
> End If
>
> Select Case Result
> Case 3211944
> filetxt3.WriteLine (strFolderName & vbTab & objACE.Trustee.Domain
> & vbTab & objACE.Trustee.Name & vbTab & "Read&Execute" & vbTab & Result)
> Case 3277758
> filetxt3.WriteLine (strFolderName & vbTab &
> objACE.Trustee.Domain
> & vbTab & objACE.Trustee.Name & vbTab & "Modify" & vbTab & Result)
> Case 4064254
> filetxt3.WriteLine (strFolderName & vbTab &
> objACE.Trustee.Domain
> & vbTab & objACE.Trustee.Name & vbTab & "Full Control" & vbTab & Result)
> Case Else
> filetxt3.WriteLine (strFolderName & vbTab &
> objACE.Trustee.Domain
> & vbTab & objACE.Trustee.Name & vbTab & "Special Permissions" & vbTab &
> Result)
> End Select
> Next
> Else
> WScript.Echo "No DACL present in security descriptor"
> End If
> Wend
> filetxt.Close
> filetxt2.Close
> filetxt3.Close
> WScript.Echo "Done"
> filesys.DeleteFile("1st_level.txt")
>
- 22 May 2008 #3
Thijs GuestMy System SpecsRe: ACL and deleted groups
Hello Alan,
Thanks for your reply. I'll try fileACL. But on the other hand, I still
would like to know if it is possible.
Regads,
Thijs
"Allan" wrote:
> I find using fileacl works better than a script that complicated.
>
> Try this:
> http://www.microsoft.com/downloads/d...displaylang=en
>
> Thanks,
> Allan
>
> "Thijs" <Thijs@xxxxxx> wrote in message
> news:491135F3-C5EA-48BD-9BB8-748E9C83E756@xxxxxx
> > Hi, I'm writing a script which writes the ACL of folders to a file.
> > This work fine however there are folders that show deleted groups in the
> > ACL.
> > In the file you only see blanc's where domain and groups should have been
> > displayed.
> >
> > Is there a way to "show" the deleted folder (it shows on ACL as S-1)
> >
> > see the script below.
> >
> > kind regards,
> >
> > Thijs
> >
> > Dim Tekst
> > On Error Resume Next
> >
> > 'versie 4 voor MS001
> >
> > Const ForReading = 1, ForWriting = 2, ForAppending = 8
> > Set filesys = CreateObject("Scripting.FileSystemObject")
> >
> > Set FileTXT=FileSYS.GetFile("MS001-folder-ACL.txt")
> > Datum = FileTXT.DateLastModified
> > Jaar = DatePart("yyyy", Datum)
> > Maand = DatePart("m", Datum)
> > Dag = DatePart("d", Datum)
> > FileSYS.MoveFile "MS001-folder-ACL.txt", Jaar & "-" & Maand & "-" & Dag &
> > "-" & "MS001-folder-ACL.txt"
> >
> > Set filetxt = filesys.OpenTextFile("1st_level.txt", ForAppending, True)
> >
> > strComputer = "."
> >
> > Set objWMIService = GetObject("winmgmts:" _
> > & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
> >
> > Set colSubfolders = objWMIService.ExecQuery _
> > ("Associators of {Win32_Directory.Name='E:\project'} " _
> > & "Where AssocClass = Win32_Subdirectory " _
> > & "ResultRole = PartComponent")
> >
> > For Each objFolder In colSubfolders
> > filetxt.WriteLine(objFolder.Name)
> > Next
> >
> > filetxt.close
> >
> > Set filetxt = filesys.OpenTextFile("1st_level.txt", ForReading, True)
> >
> > ' -----------
> > Set filetxt = filesys.OpenTextFile("1st_level.txt", ForReading, True)
> > Set filetxt3 = filesys.OpenTextFile("MS001-folder-ACL.txt", ForAppending,
> > True)
> >
> > SE_DACL_PRESENT = &h4
> > ACCESS_ALLOWED_ACE_TYPE = &h0
> > ACCESS_DENIED_ACE_TYPE = &h1
> >
> > FILE_ALL_ACCESS = &h1f01ff
> > FOLDER_ADD_SUBDIRECTORY = &h000004
> > FILE_DELETE = &h010000
> > FILE_DELETE_CHILD = &h000040
> > FOLDER_TRAVERSE = &h000020
> > FILE_READ_ATTRIBUTES = &h000080
> > FILE_READ_CONTROL = &h020000
> > FOLDER_LIST_DIRECTORY = &h000001
> > FILE_READ_EA = &h000008
> > FILE_SYNCHRONIZE = &h100000
> > FILE_WRITE_ATTRIBUTES = &h000100
> > FILE_WRITE_DAC = &h040000
> > FOLDER_ADD_FILE = &h000002
> > FILE_WRITE_EA = &h000010
> > FILE_WRITE_OWNER = &h080000
> >
> > FileTxt3.WriteLine("Foldername" & vbtab & "Domain" & vbtab & "Security
> > Group" & vbtab & "Permissions" & vbtab & "Cumulatief")
> >
> > While Not filetxt.AtEndOfStream
> > strFolderName = filetxt.readline
> >
> > Set objWMIService = GetObject("winmgmts:")
> > Set objFolderSecuritySettings = _
> > objWMIService.Get("Win32_LogicalFileSecuritySetting='" & strFolderName &
> > "'")
> > intRetVal = objFolderSecuritySettings.GetSecurityDescriptor(objSD)
> >
> > intControlFlags = objSD.ControlFlags
> > If intControlFlags AND SE_DACL_PRESENT Then
> > arrACEs = objSD.DACL
> > For Each objACE in arrACEs
> > 'filetxt3.WriteLine(strFolderName & ";" & objACE.Trustee.Domain & "\" &
> > objACE.Trustee.Name)
> > If objACE.AceType = ACCESS_ALLOWED_ACE_TYPE Then
> > 'filetxt3.WriteLine(strFolderName & ";" & objACE.Trustee.Domain & "\" &
> > objACE.Trustee.Name & ";Allowed:")
> > ElseIf objACE.AceType = ACCESS_DENIED_ACE_TYPE Then
> > 'filetxt3.WriteLine(strFolderName & ";" & objACE.Trustee.Domain & "\" &
> > objACE.Trustee.Name & ";Denied:")
> > End If
> > If objACE.AccessMask AND FILE_ALL_ACCESS Then
> > Result=Result + FILE_ALL_ACCESS
> > End If
> > If objACE.AccessMask AND FOLDER_ADD_SUBDIRECTORY Then
> > Result=Result + FOLDER_ADD_SUBDIRECTORY
> > End If
> > If objACE.AccessMask AND FILE_DELETE Then
> > Result=Result + FILE_DELETE
> > End If
> > If objACE.AccessMask AND FILE_DELETE_CHILD Then
> > Result=Result + FILE_DELETE_CHILD
> > End If
> > If objACE.AccessMask AND FOLDER_TRAVERSE Then
> > Result=Result + FOLDER_TRAVERSE
> > End If
> > If objACE.AccessMask AND FILE_READ_ATTRIBUTES Then
> > Result=Result + FILE_READ_ATTRIBUTES
> > End If
> > If objACE.AccessMask AND FILE_READ_CONTROL Then
> > Result=Result + FILE_READ_CONTROL
> > End If
> > If objACE.AccessMask AND FOLDER_LIST_DIRECTORY Then
> > Result=Result + FOLDER_LIST_DIRECTORY
> > End If
> > If objACE.AccessMask AND FILE_READ_EA Then
> > Result=Result + FILE_READ_EA
> > End If
> > If objACE.AccessMask AND FILE_SYNCHRONIZE Then
> > Result=Result + FILE_SYNCHRONIZE
> > End If
> > If objACE.AccessMask AND FILE_WRITE_ATTRIBUTES Then
> > Result=Result + FILE_WRITE_ATTRIBUTES
> > End If
> > If objACE.AccessMask AND FILE_WRITE_DAC Then
> > Result=Result + FILE_WRITE_DAC
> > End If
> > If objACE.AccessMask AND FOLDER_ADD_FILE Then
> > Result=Result + FOLDER_ADD_FILE
> > End If
> > If objACE.AccessMask AND FILE_WRITE_EA Then
> > Result=Result + FILE_WRITE_EA
> > End If
> > If objACE.AccessMask AND FILE_WRITE_OWNER Then
> > Result=Result + FILE_WRITE_OWNER
> > End If
> > strcheckname=objAce.Trustee.sid
> > WScript.Echo strcheckName &vbTab& objace.trustee.sid
> > If strcheckname = "" Then
> > strname= "Deleted"
> > Else
> > strname=objAce.Trustee.name
> > End If
> >
> > Select Case Result
> > Case 3211944
> > filetxt3.WriteLine (strFolderName & vbTab & objACE.Trustee.Domain
> > & vbTab & objACE.Trustee.Name & vbTab & "Read&Execute" & vbTab & Result)
> > Case 3277758
> > filetxt3.WriteLine (strFolderName & vbTab &
> > objACE.Trustee.Domain
> > & vbTab & objACE.Trustee.Name & vbTab & "Modify" & vbTab & Result)
> > Case 4064254
> > filetxt3.WriteLine (strFolderName & vbTab &
> > objACE.Trustee.Domain
> > & vbTab & objACE.Trustee.Name & vbTab & "Full Control" & vbTab & Result)
> > Case Else
> > filetxt3.WriteLine (strFolderName & vbTab &
> > objACE.Trustee.Domain
> > & vbTab & objACE.Trustee.Name & vbTab & "Special Permissions" & vbTab &
> > Result)
> > End Select
> > Next
> > Else
> > WScript.Echo "No DACL present in security descriptor"
> > End If
> > Wend
> > filetxt.Close
> > filetxt2.Close
> > filetxt3.Close
> > WScript.Echo "Done"
> > filesys.DeleteFile("1st_level.txt")
> >
ACL and deleted groups problems?
| Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| My deleted emails don't stay in my Deleted Items folder. | draperk | Vista mail | 3 | 08 Mar 2010 |
| Deleted Messages can't be deleted from "Deleted Items" | =?Utf-8?B?Q1ZNYXg=?= | Vista mail | 89 | 28 Feb 2010 |
| Outlook 2003 » Deleted files go to Deleted folder. [Remove] | ggodwin | Microsoft Office | 0 | 14 May 2009 |
| Search Displays Deleted File Names (in deleted folder) | Avery Tom Deacon Harry | Vista file management | 0 | 02 Jul 2008 |
| Deleted mail - bypass deleted folder? | Ron | Vista mail | 2 | 15 Dec 2007 |
