Click here to get back home

Folder Inheritance
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Folder Inheritance Damon Birrell 06-29-2005
Posted by Damon Birrell on June 29, 2005, 8:48 pm
Please log in for more thread options
 Howdy

I rather urgently require a WSH VBS function to return whether or not a W2K3
NTFS folder is inheriting its permissions from a parent folder.
I have scripts that audit folders using showacls, a script that parses the
audit logs for certain groups from one domain, and a third script that uses
xcacls.vbs to assign the permissions to the corresponding groups in another
domain. This is to aid a user migration process from one domain to another
as the ADMT tool does not migrate well known groups. i.e. we have NTFS
resources with permissions assigned to DOMAIN1\Domain Users. We would like
to grant the equivalent permissions to DOMAIN2\Domain Users and I can
achieve this with my current scripts.

My problem is that the third script that calls the xcacls script is quite
dumb and doesnt take into account inheritance. As a result, the script takes
*many* hours to execute when really it just need to adjust permissions on
several of the several thousand folders and inheritance will take care of
the rest. At the moment it is attempting to adjust perms on every folder,
rather than the folders where inheritance is turned off.

I dont mind using a a third party tool like setacl or something similar
(i.e. free :-). I need a function like:

Function FolderInherits(sFolder)

Returns True if sFolder inherits perms from its parent folder
Returns False if sFolder does not inherit perms from its parent folder

End Function


step through the array of folders
if not FolderInherits(sFolder)
Perform the Xcacls stuff
end if
next


Can anyone help? It would be greatly appreciated!

Regards
Damon




Posted by Roger Abell on June 29, 2005, 9:02 pm
Please log in for more thread options
 FYI

I will be watching this thread very closely, and hope to see an MS response.
In the past I have attempted this a couple ways in script, adssecurity.dll,
Wmi
objects for the SD, etc. and all have found cases where they do not
correctly
detect the inheritance, especially if the disk had ever been touched once on
a time by NT 4. My current belief is one needs to do this with the w32 api
or the managed namespace.

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
> Howdy
>
> I rather urgently require a WSH VBS function to return whether or not a
W2K3
> NTFS folder is inheriting its permissions from a parent folder.
> I have scripts that audit folders using showacls, a script that parses the
> audit logs for certain groups from one domain, and a third script that
uses
> xcacls.vbs to assign the permissions to the corresponding groups in
another
> domain. This is to aid a user migration process from one domain to another
> as the ADMT tool does not migrate well known groups. i.e. we have NTFS
> resources with permissions assigned to DOMAIN1\Domain Users. We would like
> to grant the equivalent permissions to DOMAIN2\Domain Users and I can
> achieve this with my current scripts.
>
> My problem is that the third script that calls the xcacls script is quite
> dumb and doesnt take into account inheritance. As a result, the script
takes
> *many* hours to execute when really it just need to adjust permissions on
> several of the several thousand folders and inheritance will take care of
> the rest. At the moment it is attempting to adjust perms on every folder,
> rather than the folders where inheritance is turned off.
>
> I dont mind using a a third party tool like setacl or something similar
> (i.e. free :-). I need a function like:
>
> Function FolderInherits(sFolder)
>
> Returns True if sFolder inherits perms from its parent folder
> Returns False if sFolder does not inherit perms from its parent folder
>
> End Function
>
>
> step through the array of folders
> if not FolderInherits(sFolder)
> Perform the Xcacls stuff
> end if
> next
>
>
> Can anyone help? It would be greatly appreciated!
>
> Regards
> Damon
>
>




Similar ThreadsPosted
Inheritance check box disappeared August 7, 2007, 3:01 am
User Security Inheritance in Active Directory May 21, 2008, 1:44 pm
View folder nested in other unviewable folder January 15, 2007, 2:24 pm
failed/successfull audit delete folder and delete file and folder November 15, 2006, 8:12 am
Folder and Sub-folder permissions September 5, 2007, 5:01 pm
Missing Folder July 1, 2005, 9:49 am
How to set folder permissions May 3, 2006, 9:08 am
How to set this Folder security October 5, 2006, 8:25 pm
Folder Security November 17, 2006, 6:34 am
Hidding folder? April 23, 2007, 8:32 pm

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap