|
Posted by Jesper on January 7, 2007, 2:53 pm
Please log in for more thread options Looks a fair bit like the old NTSec toolkit from Pedestal Software.
Unfortunately, they were bought out by Altiris, who subsequently killed that
product.
"Jorge de Almeida Pinto [MVP - DS]" wrote:
> have you tried:
> http://www.gbordier.com/gbtools/fileacl.htm
>
> --
>
> Cheers,
> (HOPEFULLY THIS INFORMATION HELPS YOU!)
>
> # Jorge de Almeida Pinto # MVP Windows Server - Directory Services
>
> BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
> BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
>
------------------------------------------------------------------------------------------
> * How to ask a question --> http://support.microsoft.com/?id=555375
>
------------------------------------------------------------------------------------------
> * This posting is provided "AS IS" with no warranties and confers no rights!
> * Always test before implementing!
>
------------------------------------------------------------------------------------------
> #################################################
> #################################################
>
------------------------------------------------------------------------------------------
> >I think you'll like it. icacls is quite promising. It is not as powerful as
> > subinacl in terms of the number of objects it operates on, but it has some
> > interesting features that are not found elsewhere, such as the ability to
> > propagate ACLs. You can also use it to dump the ACLs of a whole hierarchy
> > to
> > a near-text file, which you can then grep for patterns, for instance.
> >
> > "Roger Abell [MVP]" wrote:
> >
> >> > Roger, have you tried icacls in Vista? It has a number of bugs in it,
> >> > but
> >> > also shows some promise.
> >> >
> >>
> >> No I have not, at least that is not against what I find the most
> >> problematic, which is storage that has been existing since NT 4
> >> and so seen a few changes in ACE flag semantics.
> >> That is a good idea to test it out though, so I will watch for
> >> an opportunity.
> >>
> >> Roger
> >>
> >>
> >>
> >> > "Roger Abell [MVP]" wrote:
> >> >
> >> >> I have yet to find any scriptable tool that can reliably do the
> >> >> detection
> >> >> of inherited or not on storage that has had an arbitrary history.
> >> >>
> >> >> See thread begun December 20, 2006 1:47 PM with subject
> >> >> Enum only files/folders where explicit NTFS rights have been sette
> >> >> in microsoft.public.security
> >> >> for list of other tools that have been tried and found lacking
> >> >>
> >> >> > Hi guys
> >> >> >
> >> >> > Looking for an easy to use tool (prferably one that is scriptable)
> >> >> > which
> >> >> > can walk through all folders, shares (and all directory objects,
> >> >> > too -
> >> >> > a
> >> >> > guy can wish can't he?) so that I can rapidly discover those files
> >> >> > with
> >> >> > an
> >> >> > unknown/broken SID or explicitly granted permissions whcih are
> >> >> > always
> >> >> > buried 3 folders deep in SYSVOL or
> >> >> > docs&sets/administrator/localsetting
> >> >> > s/foo, which were put there because the previous admin needed to do
> >> >> > a
> >> >> > quick workaround or just plain didn't appreciate what a pain it
> >> >> > would
> >> >> > be
> >> >> > for the next guy to figure out where all these goodies are stashed.
> >> >> >
> >> >> > TreeSize Pro 4 sort of does this, but I don't know if it is
> >> >> > scriptable,
> >> >> > and it just groups files by user (and lumps all nameless users under
> >> >> > one
> >> >> > big 'unknown' category) - it doesn't address the
> >> >> > inheritance-explicit
> >> >> > permissions issue.
> >> >> >
> >> >> > Any ideas are welcome
> >> >> >
> >> >> > Rob
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>
| 
XML Sitemap