Listing NTFS Permissions

  • Thread starter Thread starter Roger Slocum
  • Start date Start date
R

Roger Slocum

How can I get a list of all of the assignments on a whole volume? I have
several servers that will be removed from one AD and put it in another so I
will loose all of the assignments. Besides I would like to have the
assignments documented.
 
You can use the "SHOWACLS" utility off the Resource Kit, and pipe it to a
file.

ie:
SHOWACLS /s >c:\NTFSRIGHTS.txt




showacls [/s] [/u:domain\user] [filespec]

Where:

/s
includes sub-directories
/u:domain\user
specifies domain\user
ACE header values
0x1 Object Inherit ACE
0x2 Container Inherit ACE
0x4 No Propagate Inherit ACE
0x8 Inherit Only ACE
Access mask values
Delete. Allows or denies deleting the file or folder. If you don't have
Delete permission on a file or folder, you can still delete it if you have
been granted the Delete Subfolders and Files permission on the parent
folder. D
File Append. Append Data allows or denies making changes to the end of the
file but not changing, deleting, or overwriting existing data (applies to
files only). a
File Execute. Execute File allows or denies running program files (applies
to files only). fx
File Read. File Read allows or denies viewing the attributes of a file or
folder, such as read-only and hidden. Attributes are defined by NTFS. r
File Write. Write Data allows or denies making changes to the file and
overwriting existing content (applies to files only). w
Generic All A
Generic Execute. Execute File allows or denies running program files
(applies to files only). X
Generic Read. Allows or denies viewing the attributes of a file or folder,
such as read-only and hidden. Attributes are defined by NTFS. R
Generic Write. Allows or denies changing the attributes of a file or folder,
such as read-only or hidden. Attributes are defined by NTFS. W
List Directory. List Folder allows or denies viewing file names and
subfolder names within the folder (applies to folders only). l
Read Data. Read Data allows or denies viewing data in files (applies to
files only). d
Read EA. Allows or denies viewing the extended attributes of a file or
folder. Extended attributes are defined by programs and may vary. rE
Synchronize. Allows or denies different threads to wait on the handle for
the file or folder and synchronize with another thread that may signal it.
This permission applies only to multithreaded, multiprocess programs. S
Write EA. Allows or denies changing the extended attributes of a file or
folder. Extended attributes are defined by programs and may vary. rW

How can I get a list of all of the assignments on a whole volume? I have
several servers that will be removed from one AD and put it in another so I
will loose all of the assignments. Besides I would like to have the
assignments documented.
 
This is a good tool but it shows the rights for every directory in the file
system. Unfortunatly our flesystem is huge. Is there a way just to show the
assignments where they are made?
MJC said:
You can use the "SHOWACLS" utility off the Resource Kit, and pipe it to a
file.

ie:
SHOWACLS /s >c:\NTFSRIGHTS.txt




showacls [/s] [/u:domain\user] [filespec]

Where:

/s
includes sub-directories
/u:domain\user
specifies domain\user
ACE header values
0x1 Object Inherit ACE
0x2 Container Inherit ACE
0x4 No Propagate Inherit ACE
0x8 Inherit Only ACE
Access mask values
Delete. Allows or denies deleting the file or folder. If you don't have
Delete permission on a file or folder, you can still delete it if you have
been granted the Delete Subfolders and Files permission on the parent
folder. D
File Append. Append Data allows or denies making changes to the end of the
file but not changing, deleting, or overwriting existing data (applies to
files only). a
File Execute. Execute File allows or denies running program files (applies
to files only). fx
File Read. File Read allows or denies viewing the attributes of a file or
folder, such as read-only and hidden. Attributes are defined by NTFS. r
File Write. Write Data allows or denies making changes to the file and
overwriting existing content (applies to files only). w
Generic All A
Generic Execute. Execute File allows or denies running program files
(applies to files only). X
Generic Read. Allows or denies viewing the attributes of a file or folder,
such as read-only and hidden. Attributes are defined by NTFS. R
Generic Write. Allows or denies changing the attributes of a file or folder,
such as read-only or hidden. Attributes are defined by NTFS. W
List Directory. List Folder allows or denies viewing file names and
subfolder names within the folder (applies to folders only). l
Read Data. Read Data allows or denies viewing data in files (applies to
files only). d
Read EA. Allows or denies viewing the extended attributes of a file or
folder. Extended attributes are defined by programs and may vary. rE
Synchronize. Allows or denies different threads to wait on the handle for
the file or folder and synchronize with another thread that may signal it.
This permission applies only to multithreaded, multiprocess programs. S
Write EA. Allows or denies changing the extended attributes of a file or
folder. Extended attributes are defined by programs and may vary. rW

How can I get a list of all of the assignments on a whole volume? I have
several servers that will be removed from one AD and put it in another so I
will loose all of the assignments. Besides I would like to have the
assignments documented.
Click to expand...
 
Back
Top