Vista - Enumeration of NTFS Permissions including child objects....

Hello all. I'm wondering if there would be someone out there that
could help me out. I've created a script to go out and list all of
the share permissions on a server, and report on which groups have
access that share permission. I need a more comprehensive look at my
NTFS permissions (Inheriting an 8 year old AD/NTFS structure and need
to make sure it's all cleaned up)

What I'm looking for is a script, or addition to my script that will
go out to a particuar server, pull it's share information and not only
report on the users/groups that have access to that share, but I need
it to enumerate all NTFS permissions on it as well, including any and
all of it's child folders. Does that make any sense?

My script that I have created is below and I'd be much appriciative if
anyone could lend me a hand on this.

Thanks

On Error Resume Next
Const forAppending = 8
Const createFile = True
Const forReading = True
Set objFSO = CreateObject("Scripting.FileSystemObject")
'arrComputers = Array("Computer01","Computer02")
arrComputers = Array(".")

For Each strComputer In arrComputers
Set objFile = objFSO.OpenTextFile (("C:\NTFS Perms Script
Results.txt"), forAppending, createFile)
strWrite = "====================================" & vbcrlf &
"Computer: " & strComputer & vbcrlf _
& "====================================" & Vbcrlf & Vbcrlf
objFile.Write strWrite
objFile.Close

Set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colACLs = objWMI.ExecQuery("Select * from win32_share")

For Each share In colACLs
strDir = share.path
Set objFile = objFSO.OpenTextFile (("C:\NTFS Perms Script
Results.txt"), forAppending, createFile)
strWrite = "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" &
vbcrlf & "Share Name: " & Share.name & vbcrlf _
& vbtab & "Desc: " & vbtab & vbtab & vbtab
& Share.Caption & vbcrlf _
& vbtab & "Path: " & vbtab & vbtab & vbtab
& Share.path & vbcrlf _
& vbtab & "Type: " & vbtab & vbtab & vbtab
& Share.Type & vbcrlf _
& vbtab & "Max Connections: " & vtab & vtab
& vbtab & Share.MaximumAllowed & vbcrlf _
& vbtab & "Share Security: " & vbcrlf
objFile.Write strWrite
objFile.Close

strDir = Replace(strDir,"\","\\")
Set colACLs = objWMI.ExecQuery("Select * from
win32_logicalFileSecuritySetting WHERE Path='" & strDir & "'",,48)

for each objItem in colACLs
If objItem.GetSecurityDescriptor(objSD) Then
WScript.Echo "GetSecurityDescriptor failed"
DisplayFileSecurity = False
WScript.Quit
End If

For each objAccessList in objSD.DACL
strAccessList = objAccessList.Trustee.Domain & "\" &
objAccessList.Trustee.Name
Set objFile = objFSO.OpenTextFile (("C:\NTFS Perms Script
Results.txt"), forAppending, createFile)
strWrite = " " & vbtab & vbtab & vbtab
& vbtab & strAccessList & vbcrlf & vbcrlf
objFile.Write strWrite
objFile.Close
Next
Next
Next
Next

"GBPackerBacker" <gbpackerbacker@xxxxxx> wrote in message
news:eb422d8c-ef4b-47cd-a364-08eb55e110f6@xxxxxxThat makes a lot of sense. In fact, this is a commonly wished for tool...

The trouble with most existing NTFS permission structures I have ever seen
is that they are way mroe complex than they need be. I once wrote a script
that did more or less what you were looking for for all the files and
folders in one folder. The output was so voluminous and detailed that it
actually made it harder to see what the intent was.

I eventually dropped the approach in favour of running cacls.exe, searching
the output for permissions to users, and trying to determine a reasonably
generic set of replacement permissions. It took a while, but now that it is
done I have less need of a tool to analyze permissions, as we now have a
more structured approach.

/Al

On Oct 7, 7:38*am, "Al Dunbar" <AlanD...@xxxxxx> wrote:You can try out and/or review source code of our NTFS Stuff v.1.0 WSH
Script: http://www.notageek.it/wsh-vbs-ntfs-stuff-eng.html
It is a quite complex script, If you like it please let me know :-)

Authors: Mirko Iodice, Luca Alberti
Brief Description:

"NTFS Stuff is an useful WSH script, written to be used on a
fileserver, that generates an HTML report which displays the NTFS
access permissions structure. Two different “verbosity” levels make
possible to display only the details of “significant” folders or those
of the entire folders tree. In addition to the DACL of each single
folder the resultant report shows other informations, such as:
creation date, last modified date, owner, NTFS inheritance.
We have paid particular attention to the graphical representation of
informations, colours and symbols make easier to note changes in the
normal application of NTFS permissions, precisely based, as we said
before, on the “inheritance” principle."