3
The cacls command in Windows XP and Vista can be used to deny read access to files to certain users. How can I find out which files in a directory tree are readable for a user after cacls has been run? A batch file solution is preferable.
arun
Posted 2011-03-29T11:44:02.313
Reputation: 33
0
You want the excellent Sysinternals command-line tool AccessChk.
I created an example folder C:\test and populated it with two files, normal.txt and secure.txt. The latter file was set to be permissioned only to my account whereas normal.txt has the default inherited permissions.
The command I then used was accesschk -r -s Gareth C:\test (display all the files in the folder test and below that the user Gareth has read-only access to). Here's the output:
Accesschk v5.01 - Reports effective permissions for securable objects
Copyright (C) 2006-2010 Mark Russinovich
Sysinternals - www.sysinternals.com
RW C:\test\normal.txt
RW C:\test\secure.txt
I then ran it with another user: accesschk -r -s AnotherUser C:\test - here's the output:
Accesschk v5.01 - Reports effective permissions for securable objects
Copyright (C) 2006-2010 Mark Russinovich
Sysinternals - www.sysinternals.com
RW C:\test\normal.txt
Hopefully that does the job!
Gaff
Posted 2011-03-29T11:44:02.313
Reputation: 16 863
1only problem is that files as this command lists files which do have have read permissions, I get access denied errors. But I can grep for "Access denied" from the output and filter these out. – arun – 2011-03-30T06:20:09.133