How can I script a full listing of a security group rights assignm

TheMSsForum.com: The Microsoft Software Forum

I have a security group called chd.employees

I want to know all folders that this group has access to whether it's
read/write/list etc.

I have scoured the newsgroups looking for something to help me with this.

Does anyone have one to do this or any suggestions on where to look.

Thanks in advance.

Gordon
Top

Re: How can I script a full listing of a security group rights assignm by Pegasus

Pegasus
Mon Mar 03 08:35:57 CST 2008


"Gordon" <Gordon@discussions.microsoft.com> wrote in message
news:24F3E504-19C6-44AD-AA25-EA362C5B99B8@microsoft.com...
>I have a security group called chd.employees
>
> I want to know all folders that this group has access to whether it's
> read/write/list etc.
>
> I have scoured the newsgroups looking for something to help me with this.
>
> Does anyone have one to do this or any suggestions on where to look.
>
> Thanks in advance.
>
> Gordon

You could run this batch file:
@echo off
if exist c:\perms.txt del c:\perms.txt
dir /s /b /ad "d:\User Data" > c:\Dir.txt
for /F "tokens=*" %%* in (c:\Dir.txt) do cacls "%%*" | find /i
"chd.employees" >nul && echo %%* >> c:\perms.txt
notepad c:\perms.txt

Watch out for line wrap!


Top

Re: How can I script a full listing of a security group rights ass by Gordon

Gordon
Mon Mar 03 10:35:02 CST 2008

This is an active directory security group (chd.employees) that I am trying
to enumerate and find all the folders or objects that the group has access to.

When I run your script it comes up and says:

File Not Found
'"chd.mployees"' is not recognized as an internal or external command,
operable program or batch file.


Myself not being a great scripter any ideas?

Thanks again for the help!!!!




"Pegasus (MVP)" wrote:

>
> "Gordon" <Gordon@discussions.microsoft.com> wrote in message
> news:24F3E504-19C6-44AD-AA25-EA362C5B99B8@microsoft.com...
> >I have a security group called chd.employees
> >
> > I want to know all folders that this group has access to whether it's
> > read/write/list etc.
> >
> > I have scoured the newsgroups looking for something to help me with this.
> >
> > Does anyone have one to do this or any suggestions on where to look.
> >
> > Thanks in advance.
> >
> > Gordon
>
> You could run this batch file:
> @echo off
> if exist c:\perms.txt del c:\perms.txt
> dir /s /b /ad "d:\User Data" > c:\Dir.txt
> for /F "tokens=*" %%* in (c:\Dir.txt) do cacls "%%*" | find /i
> "chd.employees" >nul && echo %%* >> c:\perms.txt
> notepad c:\perms.txt
>
> Watch out for line wrap!
>
>
>
Top

Re: How can I script a full listing of a security group rights ass by Pegasus

Pegasus
Mon Mar 03 10:46:33 CST 2008

Ah, the line wrapper strikes again! The "chd.employees" part
belongs to the preceding line. Here is that line again:

for /F "tokens=*" %%* in (c:\Dir.txt) do cacls "%%*" | find /i
"chd.employees" >nul && echo %%* >> c:\perms.txt

It is one single line that starts with "for" and ends with "txt". It your
newsreader turns it into two lines then you must turn it back
into one line!


"Gordon" <Gordon@discussions.microsoft.com> wrote in message
news:602BF012-6B96-4BD2-84C3-66469EC6680F@microsoft.com...
> This is an active directory security group (chd.employees) that I am
> trying
> to enumerate and find all the folders or objects that the group has access
> to.
>
> When I run your script it comes up and says:
>
> File Not Found
> '"chd.mployees"' is not recognized as an internal or external command,
> operable program or batch file.
>
>
> Myself not being a great scripter any ideas?
>
> Thanks again for the help!!!!
>
>
>
>
> "Pegasus (MVP)" wrote:
>
>>
>> "Gordon" <Gordon@discussions.microsoft.com> wrote in message
>> news:24F3E504-19C6-44AD-AA25-EA362C5B99B8@microsoft.com...
>> >I have a security group called chd.employees
>> >
>> > I want to know all folders that this group has access to whether it's
>> > read/write/list etc.
>> >
>> > I have scoured the newsgroups looking for something to help me with
>> > this.
>> >
>> > Does anyone have one to do this or any suggestions on where to look.
>> >
>> > Thanks in advance.
>> >
>> > Gordon
>>
>> You could run this batch file:
>> @echo off
>> if exist c:\perms.txt del c:\perms.txt
>> dir /s /b /ad "d:\User Data" > c:\Dir.txt
>> for /F "tokens=*" %%* in (c:\Dir.txt) do cacls "%%*" | find /i
>> "chd.employees" >nul && echo %%* >> c:\perms.txt
>> notepad c:\perms.txt
>>
>> Watch out for line wrap!
>>
>>
>>



Top

Re: How can I script a full listing of a security group rights ass by Gordon

Gordon
Mon Mar 03 11:18:02 CST 2008

OK, Last question.

With the directories it is searching, I have them on a SAN that creates
snapshots.
Those snapshot directories start with a ~, so I have a directory called
s:\~.5hours, one called s:\~1hour etc.

How can I add an exclusion in this script to skip all directories with a ~
in front.

Thanks again for the help.

"Gordon" wrote:

> This is an active directory security group (chd.employees) that I am trying
> to enumerate and find all the folders or objects that the group has access to.
>
> When I run your script it comes up and says:
>
> File Not Found
> '"chd.mployees"' is not recognized as an internal or external command,
> operable program or batch file.
>
>
> Myself not being a great scripter any ideas?
>
> Thanks again for the help!!!!
>
>
>
>
> "Pegasus (MVP)" wrote:
>
> >
> > "Gordon" <Gordon@discussions.microsoft.com> wrote in message
> > news:24F3E504-19C6-44AD-AA25-EA362C5B99B8@microsoft.com...
> > >I have a security group called chd.employees
> > >
> > > I want to know all folders that this group has access to whether it's
> > > read/write/list etc.
> > >
> > > I have scoured the newsgroups looking for something to help me with this.
> > >
> > > Does anyone have one to do this or any suggestions on where to look.
> > >
> > > Thanks in advance.
> > >
> > > Gordon
> >
> > You could run this batch file:
> > @echo off
> > if exist c:\perms.txt del c:\perms.txt
> > dir /s /b /ad "d:\User Data" > c:\Dir.txt
> > for /F "tokens=*" %%* in (c:\Dir.txt) do cacls "%%*" | find /i
> > "chd.employees" >nul && echo %%* >> c:\perms.txt
> > notepad c:\perms.txt
> >
> > Watch out for line wrap!
> >
> >
> >
Top

Re: How can I script a full listing of a security group rights ass by Pegasus

Pegasus
Mon Mar 03 11:36:30 CST 2008

This should work (untested):

@echo off
if exist c:\perms.txt del c:\perms.txt
dir /s /b /ad "d:\User Data" | find /i /v "S:\~" > c:\Dir.txt
for /F "tokens=*" %%* in (c:\Dir.txt) do cacls "%%*" | find /i
"chd.employees" >nul && echo %%* >> c:\perms.txt
notepad c:\perms.txt

"Gordon" <Gordon@discussions.microsoft.com> wrote in message
news:04DFB9DC-73AE-4B5B-92DA-F84ACE0DC758@microsoft.com...
> OK, Last question.
>
> With the directories it is searching, I have them on a SAN that creates
> snapshots.
> Those snapshot directories start with a ~, so I have a directory called
> s:\~.5hours, one called s:\~1hour etc.
>
> How can I add an exclusion in this script to skip all directories with a ~
> in front.
>
> Thanks again for the help.
>
> "Gordon" wrote:
>
>> This is an active directory security group (chd.employees) that I am
>> trying
>> to enumerate and find all the folders or objects that the group has
>> access to.
>>
>> When I run your script it comes up and says:
>>
>> File Not Found
>> '"chd.mployees"' is not recognized as an internal or external command,
>> operable program or batch file.
>>
>>
>> Myself not being a great scripter any ideas?
>>
>> Thanks again for the help!!!!
>>
>>
>>
>>
>> "Pegasus (MVP)" wrote:
>>
>> >
>> > "Gordon" <Gordon@discussions.microsoft.com> wrote in message
>> > news:24F3E504-19C6-44AD-AA25-EA362C5B99B8@microsoft.com...
>> > >I have a security group called chd.employees
>> > >
>> > > I want to know all folders that this group has access to whether it's
>> > > read/write/list etc.
>> > >
>> > > I have scoured the newsgroups looking for something to help me with
>> > > this.
>> > >
>> > > Does anyone have one to do this or any suggestions on where to look.
>> > >
>> > > Thanks in advance.
>> > >
>> > > Gordon
>> >
>> > You could run this batch file:
>> > @echo off
>> > if exist c:\perms.txt del c:\perms.txt
>> > dir /s /b /ad "d:\User Data" > c:\Dir.txt
>> > for /F "tokens=*" %%* in (c:\Dir.txt) do cacls "%%*" | find /i
>> > "chd.employees" >nul && echo %%* >> c:\perms.txt
>> > notepad c:\perms.txt
>> >
>> > Watch out for line wrap!
>> >
>> >
>> >


Top

Re: How can I script a full listing of a security group rights ass by Gordon

Gordon
Mon Mar 03 13:16:02 CST 2008

I am running it now, it's taking forever, but I believe it is working.

Thanks for the help!!!!!

"Pegasus (MVP)" wrote:

> This should work (untested):
>
> @echo off
> if exist c:\perms.txt del c:\perms.txt
> dir /s /b /ad "d:\User Data" | find /i /v "S:\~" > c:\Dir.txt
> for /F "tokens=*" %%* in (c:\Dir.txt) do cacls "%%*" | find /i
> "chd.employees" >nul && echo %%* >> c:\perms.txt
> notepad c:\perms.txt
>
> "Gordon" <Gordon@discussions.microsoft.com> wrote in message
> news:04DFB9DC-73AE-4B5B-92DA-F84ACE0DC758@microsoft.com...
> > OK, Last question.
> >
> > With the directories it is searching, I have them on a SAN that creates
> > snapshots.
> > Those snapshot directories start with a ~, so I have a directory called
> > s:\~.5hours, one called s:\~1hour etc.
> >
> > How can I add an exclusion in this script to skip all directories with a ~
> > in front.
> >
> > Thanks again for the help.
> >
> > "Gordon" wrote:
> >
> >> This is an active directory security group (chd.employees) that I am
> >> trying
> >> to enumerate and find all the folders or objects that the group has
> >> access to.
> >>
> >> When I run your script it comes up and says:
> >>
> >> File Not Found
> >> '"chd.mployees"' is not recognized as an internal or external command,
> >> operable program or batch file.
> >>
> >>
> >> Myself not being a great scripter any ideas?
> >>
> >> Thanks again for the help!!!!
> >>
> >>
> >>
> >>
> >> "Pegasus (MVP)" wrote:
> >>
> >> >
> >> > "Gordon" <Gordon@discussions.microsoft.com> wrote in message
> >> > news:24F3E504-19C6-44AD-AA25-EA362C5B99B8@microsoft.com...
> >> > >I have a security group called chd.employees
> >> > >
> >> > > I want to know all folders that this group has access to whether it's
> >> > > read/write/list etc.
> >> > >
> >> > > I have scoured the newsgroups looking for something to help me with
> >> > > this.
> >> > >
> >> > > Does anyone have one to do this or any suggestions on where to look.
> >> > >
> >> > > Thanks in advance.
> >> > >
> >> > > Gordon
> >> >
> >> > You could run this batch file:
> >> > @echo off
> >> > if exist c:\perms.txt del c:\perms.txt
> >> > dir /s /b /ad "d:\User Data" > c:\Dir.txt
> >> > for /F "tokens=*" %%* in (c:\Dir.txt) do cacls "%%*" | find /i
> >> > "chd.employees" >nul && echo %%* >> c:\perms.txt
> >> > notepad c:\perms.txt
> >> >
> >> > Watch out for line wrap!
> >> >
> >> >
> >> >
>
>
>
Top

Re: How can I script a full listing of a security group rights ass by Pegasus

Pegasus
Mon Mar 03 14:22:19 CST 2008

Thanks for the feedback. While it's running you can check
c:\Dir.txt for the number of folders to be processed, and
c:\perms.txt for the output generated so far.


"Gordon" <Gordon@discussions.microsoft.com> wrote in message
news:F16D4409-1784-4AD0-A206-173FF004B532@microsoft.com...
>I am running it now, it's taking forever, but I believe it is working.
>
> Thanks for the help!!!!!
>
> "Pegasus (MVP)" wrote:
>
>> This should work (untested):
>>
>> @echo off
>> if exist c:\perms.txt del c:\perms.txt
>> dir /s /b /ad "d:\User Data" | find /i /v "S:\~" > c:\Dir.txt
>> for /F "tokens=*" %%* in (c:\Dir.txt) do cacls "%%*" | find /i
>> "chd.employees" >nul && echo %%* >> c:\perms.txt
>> notepad c:\perms.txt
>>
>> "Gordon" <Gordon@discussions.microsoft.com> wrote in message
>> news:04DFB9DC-73AE-4B5B-92DA-F84ACE0DC758@microsoft.com...
>> > OK, Last question.
>> >
>> > With the directories it is searching, I have them on a SAN that creates
>> > snapshots.
>> > Those snapshot directories start with a ~, so I have a directory called
>> > s:\~.5hours, one called s:\~1hour etc.
>> >
>> > How can I add an exclusion in this script to skip all directories with
>> > a ~
>> > in front.
>> >
>> > Thanks again for the help.
>> >
>> > "Gordon" wrote:
>> >
>> >> This is an active directory security group (chd.employees) that I am
>> >> trying
>> >> to enumerate and find all the folders or objects that the group has
>> >> access to.
>> >>
>> >> When I run your script it comes up and says:
>> >>
>> >> File Not Found
>> >> '"chd.mployees"' is not recognized as an internal or external command,
>> >> operable program or batch file.
>> >>
>> >>
>> >> Myself not being a great scripter any ideas?
>> >>
>> >> Thanks again for the help!!!!
>> >>
>> >>
>> >>
>> >>
>> >> "Pegasus (MVP)" wrote:
>> >>
>> >> >
>> >> > "Gordon" <Gordon@discussions.microsoft.com> wrote in message
>> >> > news:24F3E504-19C6-44AD-AA25-EA362C5B99B8@microsoft.com...
>> >> > >I have a security group called chd.employees
>> >> > >
>> >> > > I want to know all folders that this group has access to whether
>> >> > > it's
>> >> > > read/write/list etc.
>> >> > >
>> >> > > I have scoured the newsgroups looking for something to help me
>> >> > > with
>> >> > > this.
>> >> > >
>> >> > > Does anyone have one to do this or any suggestions on where to
>> >> > > look.
>> >> > >
>> >> > > Thanks in advance.
>> >> > >
>> >> > > Gordon
>> >> >
>> >> > You could run this batch file:
>> >> > @echo off
>> >> > if exist c:\perms.txt del c:\perms.txt
>> >> > dir /s /b /ad "d:\User Data" > c:\Dir.txt
>> >> > for /F "tokens=*" %%* in (c:\Dir.txt) do cacls "%%*" | find /i
>> >> > "chd.employees" >nul && echo %%* >> c:\perms.txt
>> >> > notepad c:\perms.txt
>> >> >
>> >> > Watch out for line wrap!
>> >> >
>> >> >
>> >> >
>>
>>
>>


Top