Create List of Access Denied Files & Folders

2

1

I want to make a list of access denied files/folders for a given account. I'm aware "icacls" handles making lists of files/folders given an account name.

e.g. This command lists access denied per folder on screen:

icacls c:\*. /findsid "User" /T /C /L /Q > c:\results.txt

...but it doesn't list the access denied folders in the results file.

How can I do this?

whatever1234566

Posted 2015-12-19T02:18:29.910

Reputation: 111

Answers

1

Nevermind, I figured it out. The issue was that there's two ways to output:

  1. Through "STDOUT"

  2. Through "STDERR"

https://support.microsoft.com/en-us/kb/110930#/en-us/kb/110930

So, I can just execute something like so:

icacls c:*. /findsid "User" /T /C /L /Q 2> c:\resultsFolders.txt

icacls c:*.* /findsid "User" /T /C /L /Q 2> c:\resultsFiles.txt

whatever1234566

Posted 2015-12-19T02:18:29.910

Reputation: 111

Wouldn't that be icacls c:*.* /findsid "User" /T /C /L /Q > c:\updatedFiles.txt 2> c:\accessDeniedFiles.txt..? Another thought is that using c:*. and c:*.* is not 100% accurate. You will get better (ie: more accurate) results if you use a for (dir /AD) statement.. – Kody Brown – 2015-12-19T15:20:06.047

How's using wildcards any different? – whatever1234566 – 2015-12-20T01:54:19.923

Just that *. can pick up files and folders without an extension, just like *.* can pick up both files and folders with an extension. – Kody Brown – 2015-12-20T03:33:06.203

Using dir /ad will only list directories and dir /a-d will only list files. Using them in a 'for' loop would look like this: for /f %G in ('"dir /ad /b"') do @echo %G.. (When using the for loop inside a batch file, be sure to use %%G instead of %G.) – Kody Brown – 2015-12-20T03:48:46.543

Asked: 2015-12-19T02:18:29.910

Viewed: 789 times

Active: 2015-12-19T09:34:59.660