Finding files/folders with write/full control permissions for Everyone on Windows 2003

Question

Trying to clean up permissions on this IIS6 w/ PHP CGI server, it seems that several files/folders have write permissions for Everyone. (You can probably guess what is happening, repeatedly.)

So, basically, I'm looking for the equivalent of find $directory -perm 777 -exec ls -ld {} \;

I can do that first part, listing files that mention Everyone with icacls, but can't seem to display the actual ACL:

icacls \directory /findSID *S-1-1-0 /t

Looking at the subinacl documentation and various google results, it seems that I can use /subdirectories and /display to achieve this, but it returns immediately with no results and no errors:

C:\>subinacl /subdirectories \directory\*.* /findsid=Everyone /display
+subdirectories \directory\*.*
/findsid=Everyone
/display

Elapsed Time: 00 00:00:00
Done:        0, Modified        0, Failed        0, Syntax errors        0

Answer 1

Orbitron's suggestion is great, but if you want to use a purely PowerShell way without having to install pstools, have a look at the select-string cmdlet. You may have to pipe the object pipeline to a file first and then consume it with select-string or you can wedge out-string into the pipeline.

Get-ChildItem -Recurse | Get-Acl | out-string -stream | select-string -pattern "everyone"

Answer 2

This worked for me with powershell and pstools:

Get-ChildItem C:\temp\ -Recurse | Get-Acl | grep "Everyone"

You may need to refine it more for your needs, but powershell is the way to go here.