On Oct 7, 7:38 am, "Al Dunbar" <AlanD...@xxxxxx> wrote:
> "GBPackerBacker" <gbpackerbac...@xxxxxx> wrote in message
>
> news:eb422d8c-ef4b-47cd-a364-08eb55e110f6@xxxxxx
>
> > Hello all. I'm wondering if there would be someone out there that
> > could help me out. I've created a script to go out and list all of
> > the share permissions on a server, and report on which groups have
> > access that share permission. I need a more comprehensive look at my
> > NTFS permissions (Inheriting an 8 year old AD/NTFS structure and need
> > to make sure it's all cleaned up)
> >
> > What I'm looking for is a script, or addition to my script that will
> > go out to a particular server, pull its share information and not only
> > report on the users/groups that have access to that share, but I need
> > it to enumerate all NTFS permissions on it as well, including any and
> > all of its child folders. Does that make any sense?
>
> That makes a lot of sense. In fact, this is a commonly wished for tool...
>
> The trouble with most existing NTFS permission structures I have ever seen
> is that they are way more complex than they need be. I once wrote a script
> that did more or less what you were looking for for all the files and
> folders in one folder. The output was so voluminous and detailed that it
> actually made it harder to see what the intent was.
>
> I eventually dropped the approach in favour of running cacls.exe, searching
> the output for permissions to users, and trying to determine a reasonably
> generic set of replacement permissions. It took a while, but now that it is
> done I have less need of a tool to analyze permissions, as we now have a
> more structured approach.
>
> /Al
>
> > My script that I have created is below and I'd be much appreciative if
> > anyone could lend me a hand on this.
> >
> > On Error Resume Next
> > Const forAppending = 8
> > Const createFile = True
> > Const forReading = 1
> > Set objFSO = CreateObject("Scripting.FileSystemObject")
> > 'arrComputers = Array("Computer01","Computer02")
> > arrComputers = Array(".")
> >
> > For Each strComputer In arrComputers
> >     ' Write a header for this computer to the report file
> >     Set objFile = objFSO.OpenTextFile("C:\NTFS Perms Script Results.txt", forAppending, createFile)
> >     strWrite = "====================================" & vbcrlf & "Computer: " & strComputer & vbcrlf _
> >         & "====================================" & vbcrlf & vbcrlf
> >     objFile.Write strWrite
> >     objFile.Close
> >
> >     Set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
> >     Set colShares = objWMI.ExecQuery("Select * from win32_share")
> >
> >     For Each share In colShares
> >         strDir = share.path
> >         ' Write the share details
> >         Set objFile = objFSO.OpenTextFile("C:\NTFS Perms Script Results.txt", forAppending, createFile)
> >         strWrite = "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" & vbcrlf & "Share Name: " & share.name & vbcrlf _
> >             & vbtab & "Desc: " & vbtab & vbtab & vbtab & share.Caption & vbcrlf _
> >             & vbtab & "Path: " & vbtab & vbtab & vbtab & share.path & vbcrlf _
> >             & vbtab & "Type: " & vbtab & vbtab & vbtab & share.Type & vbcrlf _
> >             & vbtab & "Max Connections: " & vbtab & vbtab & vbtab & share.MaximumAllowed & vbcrlf _
> >             & vbtab & "Share Security: " & vbcrlf
> >         objFile.Write strWrite
> >         objFile.Close
> >
> >         ' Backslashes must be doubled inside a WQL string literal
> >         strDir = Replace(strDir,"\","\\")
> >         Set colSettings = objWMI.ExecQuery("Select * from win32_logicalFileSecuritySetting WHERE Path='" & strDir & "'",,48)
> >
> >         For Each objItem In colSettings
> >             ' GetSecurityDescriptor returns 0 on success
> >             If objItem.GetSecurityDescriptor(objSD) Then
> >                 WScript.Echo "GetSecurityDescriptor failed"
> >                 WScript.Quit
> >             End If
> >
> >             ' List every trustee in the DACL of the shared folder
> >             For Each objAccessList In objSD.DACL
> >                 strAccessList = objAccessList.Trustee.Domain & "\" & objAccessList.Trustee.Name
> >                 Set objFile = objFSO.OpenTextFile("C:\NTFS Perms Script Results.txt", forAppending, createFile)
> >                 strWrite = " " & vbtab & vbtab & vbtab & vbtab & strAccessList & vbcrlf & vbcrlf
> >                 objFile.Write strWrite
> >                 objFile.Close
> >             Next
> >         Next
> >     Next
> > Next

You can try out and/or review source code of our NTFS Stuff v.1.0 WSH
Script:
http://www.notageek.it/wsh-vbs-ntfs-stuff-eng.html
It is a quite complex script. If you like it please let me know :-)
Authors: Mirko Iodice, Luca Alberti
Brief Description:
"NTFS Stuff is a useful WSH script, written to be used on a
fileserver, that generates an HTML report which displays the NTFS
access permissions structure. Two different “verbosity” levels make
it possible to display only the details of “significant” folders or those
of the entire folder tree. In addition to the DACL of each single
folder the resultant report shows other information, such as:
creation date, last modified date, owner, NTFS inheritance.
We have paid particular attention to the graphical representation of
information; colours and symbols make it easier to note changes in the
normal application of NTFS permissions, precisely based, as we said
before, on the “inheritance” principle."
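
The audit asked for in this thread (every disk share, then the NTFS DACL of the share root and all child folders) can also be done in PowerShell; the sketch below is an added example, not part of the thread and not NTFS Stuff's code. It assumes a folder is "significant" when it has explicit (non-inherited) ACEs or has inheritance blocked; the function name `Get-FolderAclRow` and the output path are hypothetical.

```powershell
# Added example (not from the thread, not NTFS Stuff code). Run locally on the file server.
# Assumption: a folder is "significant" when its DACL has explicit (non-inherited)
# ACEs or inheritance is blocked on it.
param(
    [switch]$AllFolders,                    # verbose level: report every folder
    [string]$OutFile = '.\ntfs-report.csv'  # hypothetical output path
)

function Get-FolderAclRow {
    param([string]$Share, [string]$Path, [bool]$Full)
    try   { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop }
    catch {
        # Report folders whose ACL cannot be read rather than dropping them
        return [pscustomobject]@{ Share = $Share; Path = $Path; Owner = $null
            InheritanceBlocked = $null; Identity = '<ACL unreadable>'
            Type = $null; Rights = $null; Inherited = $null }
    }
    $aces = @($acl.Access)
    if (-not $Full) {
        $aces = @($aces | Where-Object { -not $_.IsInherited })
        # Purely inherited folder: already described by its parent's rows
        if ($aces.Count -eq 0 -and -not $acl.AreAccessRulesProtected) { return }
    }
    foreach ($ace in $aces) {
        [pscustomobject]@{
            Share              = $Share
            Path               = $Path
            Owner              = $acl.Owner
            InheritanceBlocked = $acl.AreAccessRulesProtected
            Identity           = $ace.IdentityReference.Value
            Type               = $ace.AccessControlType
            Rights             = $ace.FileSystemRights
            Inherited          = $ace.IsInherited
        }
    }
}

# Type 0 = ordinary disk shares (skips admin shares, printers and IPC$)
$rows = foreach ($share in Get-CimInstance -ClassName Win32_Share -Filter 'Type = 0') {
    # The share root is always reported in full, inherited ACEs included
    Get-FolderAclRow -Share $share.Name -Path $share.Path -Full $true
    Get-ChildItem -LiteralPath $share.Path -Directory -Recurse -Force |
        ForEach-Object { Get-FolderAclRow -Share $share.Name -Path $_.FullName -Full $AllFolders.IsPresent }
}
$rows | Export-Csv -LiteralPath $OutFile -NoTypeInformation
```

Sorting the CSV on `Identity` shows ACEs granted directly to user accounts rather than groups, and filtering on `InheritanceBlocked` shows where the tree departs from its parent's permissions.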