Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

ACL

2 views
Skip to first unread message

Michelle Yu

unread,
Jul 17, 2003, 1:33:28 PM7/17/03
to
Hi,

What is the VB script to find whether a folder has granted
change access to a domain local group?

Michelle

Ron Rosenkoetter

unread,
Jul 18, 2003, 9:03:31 AM7/18/03
to
>.
>

The following script shows all permissions on a folder.
Modify it to check for a certain group (i.e. Do a compare
on objACE.Trustee.Name)

Ron


On Error Resume Next


'Set Log File Name
LogFileName = "c:\ShowPermissions.log"

'Set File Constants
Const ForReading = 1
Const ForWriting = 2
Const ForAppending = 8

'Setting the Arguments
Set objArgs = Wscript.Arguments
If ObjArgs.Count > 0 Then
Arg1 = objArgs(0)
Else
wscript.echo "Please specify all required arguments.
Run this script again "
wscript.echo "with a /? as the first argument to see
the help file"
Wscript.Quit
End If

'Checking if Help file is needed
HELP = 0

If Arg1 = "help" Then HELP = 1
If Arg1 = "/?" Then HELP = 1
If Arg1 = "?" Then HELP = 1

' Doubles as Help document and Purpose of script REMARKS
If HELP = 1 then

wscript.echo " ******************************"
wscript.echo " * Script: ShowPermissions.vbs"
wscript.echo " * Creation Date: 2-3-2003"
wscript.echo " * Author: Ron Rosenkoetter"
wscript.echo " * E-mail:
Ronald.Ro...@gentiva.com"
wscript.echo " *"
wscript.echo " * Description: This script will
display "
wscript.echo " * the permissions on the specified
file"
wscript.echo " * or folder. Note that you have to
use "
wscript.echo " * an UNC path. "
wscript.echo " *"
wscript.echo " * Usage: ShowPermissions.vbs
[options]"
wscript.echo " *"
wscript.echo " * /f: File or Folder Path (UNC) "
wscript.echo " * [required]"
wscript.echo " *"
wscript.echo " * Example: ShowPermissions.vbs
\\ksovepfnp001\data"
wscript.echo " *"
wscript.echo " ******************************"

Wscript.Quit
End If

'Make sure required options are specified
If NOT Wscript.Arguments.Named.Exists("f") Then
wscript.echo "Please specify all required arguments.
Run this script again "
wscript.echo "with a /? as the first argument to see
the help file"
Wscript.Quit
End If

'Set Option Variables
FolderPath = Wscript.Arguments.Named("f")

'Create the File System Object
Set objFSO = CreateObject("Scripting.FileSystemObject")

'Open a log file for printing results
Wscript.Echo "Opening Log File"
Set LogFile = objFSO.OpenTextFile
(LogFileName,ForWriting,True)
If Err.Number <> 0 then
Wscript.Echo "Unable to open the " & LogFileName
Wscript.Quit
End If


'A WMI call needs a server name and an explicit path to
the folder.
'Split the FolderPath on the backslashes
Folders = split(FolderPath,"\")

'The first two elements of the Folders array are empty
(because of the leading
'two backslashes). The third element is the Server name,
and the fourth element is the Share name.
ServerName = Folders(2)
FileShareName = Folders(3)
Set objFileShare = GetObject("WinNT://" & ServerName
& "/LanmanServer/" & FileShareName)

'Get the path of the FileShare
ExplicitPath = objFileShare.Path

'Add the remaining subfolders back on to the Explicit Path
For i = 4 to UBound(Folders)
ExplicitPath = ExplicitPath & "\" & Folders(i)
Next

'Create an Security object
Set objSecurity = GetObject("winmgmts:\\" & ServerName
& "\root\cimv2:Win32_LogicalFileSecuritySetting='" &
ExplicitPath & "'")

'Get a Security Descriptor object
If objSecurity.GetSecurityDescriptor(objSD) = 0 Then

'Create an Owner object
Set objOwner = objSD.Owner
Message objSecurity.Path & " on " & ServerName & " is
owned by " & objOwner.Name & vbCrLF

'Loop through each ACE object inside the DACL
For Each objACE in objSD.DACL
Permissions = "--Special--"
If objAce.AccessMask = 2032127 Then Permissions
= "Full"
If objAce.AccessMask = 1245631 Then Permissions
= "Change"
If objAce.AccessMask = 1179817 Then Permissions
= "Read"

'Make the output pretty by standardizing the length by
adding spaces. Use
'IsNull to make sure an Trustee.Name exists for the ACE
If NOT IsNull(objACE.Trustee.Name) Then
LengthACEName = Len(objACE.Trustee.Name)
ACEName = objACE.Trustee.Name & Space(40 -
LengthACEName)
Message " " & ACEName & " " & Permissions
Else
Message " No name for SID <----"
End If



Next
End If


QuitProgram

'#############################

'Function CheckForErrorQuit

Function CheckForErrorQuit()
If Err.Number <> 0 then
Message "Error #" & Err.Number & " - " &
Err.Description
CheckForErrorQuit = Err.Description
QuitProgram
End If
End Function

'#############################

'Function CheckForErrorClear

Function CheckForErrorClear()
If Err.Number <> 0 then
Message "Error # " & Err.Number & " - " &
Err.Description
CheckForErrorClear = Err.Description
Err.Clear
End If
End Function

'#############################

'Subroutine Message

Sub Message (Text)
Wscript.Echo Text
LogFile.WriteLine Text
End Sub

'#############################

'Subrountine QuitProgram

Sub QuitProgram

LogFile.Close

Wscript.Echo " "

Wscript.Echo "********************************************
********"
Wscript.Echo "* Use notepad " & LogFileName & " to
see a log of these results"

Wscript.Echo "********************************************
********"

Wscript.Quit

End Sub

'############################

0 new messages