2

I need a tool/script that will report currently defined permissions for a given path.

  • If the permissions for a subtree are the same as for its parent, the whole subtree should be omitted.
  • Files should only be listed if the permissions are different from its containing directory.
  • Output should be compact (unlike cacls/icacls) and in plain text so I can commit it to SVN.

Does something like this exist?

laktak
  • 626
  • 2
  • 9
  • 16

2 Answers2

0

It sounds as if this may do what you're after. It's not powershell code, but I do love sysinternals toys.

Community
  • 1
Kara Marfia
  • 7,892
  • 5
  • 32
  • 56
0

The setacl utility will do what you're looking for, with the added benefit of having an option to "restore" ACLs saved in a file to a live filesystem. I've used setacl in a manner similar to what you're describing, including "restoring" ACLs as part of the script automatically to checkout and deploy the application from version control.

The command-line syntax for setacl is, arguably, confusing and difficult. To save the ACLs from a folder hierarchy into a file you'd be doing:

SetACL.exe -on "\\server\share\source-folder" -ot file -actn list -lst "f:sddl;w:d,s,o,g" -rec cont -bckp "output-file.txt"

Objects (files or folders) that are inheriting all their ACLs from their parent object won't be listed in the output (so such that only objects that have ACLs set on them will be reported).

Evan Anderson
  • 141,071
  • 19
  • 191
  • 328
  • Thanks, I tried some formatting options but I couldn't get the output to be 'human readable'. – laktak Jul 30 '10 at 08:45