JSI Tip 8545. How can I generate a report of folders and files that have specific user or group permissions set?

Jerold Schulman

October 5, 2004

1 Min Read
ITPro Today logo in a gray background | ITPro Today

I have scripted FindACL.bat to generate a comma separated value file that reports folders and files that have permissions for the users and groups that you specify.

FindACL.bat uses the built-in CACLS command, which displays users and groups in a format like:

BUILTINAdministratorsNT AUTHORITYSYSTEMUSERorGROUPEveryoneUSERorGROUP

The syntax for using FindACL.bat is:

FindACL Drive ReportFile UsrGrp1 [UsrGrp2 ... UserGrpN]

where:

Drive       is the Drive Letter or folder path that contains the sub-folders and files.ReportFile  is the file that will contain the output report.UsrGrpX     is the users and/or groups you are looking for.

The format of the ReportFile file is:

"Fully Qualified Folder of File Name","User or Group"

NOTE: FindACL runs a long time, based upon the number of folders and files, and ACEs per file system object.

FindACL.bat contains:

@echo offif {%3}
{} @echo FindACL Drive ReportFile UsrGrp1 [UsrGrp2 ... UsrGrpN]&goto :EOFsetlocalset work=%1set work=%work:"=%#set drv=%work:#=%set drv=%drv:#=%set obj=%drv%if exist "%TEMP%FindACL.tmp" del /q "%TEMP%FindACL.tmp"set out=%2if exist %out% del /q %out%:loopif {%3}
{} goto fndset ACL=%3shiftset ACL=%ACL:"=%@echo %ACL%>>"%TEMP%FindACL.tmp"goto loop:fndcall :parsefor /f "Tokens=*" %%O in ('dir %drv% /b /s /a') do  set obj=%%O&call :parsedel /q "%TEMP%FindACL.tmp" endlocalgoto :EOF:parsecall set remove=%obj:&= %set /a cnt = 0call echo.%%remove%%>%TEMP%$VarLen$.tmpfor %%n in (%TEMP%$VarLen$.tmp) do set /a cnt = %%~zn - 2set /a cnt=%cnt% + 1for /f "Tokens=*" %%f in ('cacls "%obj%"^|Findstr /i /l /g:"%TEMP%FindACL.tmp"') do ( set line=%%f call :strip)goto :EOF:stripif "%line%" EQU "" goto :EOFcall set line=%line:&= %call set line=%line:(={%call set line=%line:)=}%call set line=%line: = %call set work=%line:not found=%if "%work%" NEQ "%line%" goto :EOFif "%line:~1,1%" EQU ":" call set line=%%line:~%cnt%%%for /f "Tokens=1* Delims=:" %%a in ('@echo %line%') do ( set line=%%a )@echo "%remove%","%line%">>%out%



About the Author

Jerold Schulman

Jerold Schulman

See more from Jerold Schulman
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Newsletter Sign-Up

You May Also Like

Editor's Choice

a digital shield icon with a keyhole next to text that says linux kernel security
Vulnerabilities & Threats
Linux Kernel Exploits: How Attackers Gain Root Access and How To Defend Against It
Linux Kernel Exploits: Common Threats and How To Prevent Them

Oct 8, 2024

DevOps warning sign in front of gray sky
DevOps
How to Avoid Hidden DevOps Costs and Optimize for Efficiency
How to Avoid Hidden DevOps Costs and Optimize for Efficiency

Oct 9, 2024

a phone call between two business people reveals that one of them is a deepfake scammer
Vulnerabilities & Threats
We’re Worried About Deepfake Voice Scams. How Do We Protect Employees?
We’re Worried About Deepfake Voice Scams. How Do We Protect Employees?

Oct 4, 2024

Exclusive ITPro Resources
See all ITPro Resources

Featured Technical Explainers

MLOps
Ops and More
Choosing Between Cloud and On-Prem MLOps: What's Best for Your Needs?
Choosing Between Cloud and On-Prem MLOps: What's Best for Your Needs?
multicloud concept
Cloud Computing
Cross-Cloud: The Next Evolution in Cloud Computing?
Cross-Cloud: The Next Evolution in Cloud Computing?
Wi-Fi 6 speed logo glowing on virtual screen while businessperson points hand and using laptop computer.
IT Operations
Wi-Fi 6: A Step Forward, But Wired LAN Still Holds the Crown
Wi-Fi 6: A Step Forward, But Wired LAN Still Holds the Crown
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Newsletter Sign-Up

Recent What Is

cartoon shows a person next to a checklist and several icons that represent disaster scenarios
Disaster Recovery
BCDR Basics: A Quick Reference Guide for Business Continuity & Disaster RecoveryBCDR Basics: A Quick Reference Guide for IT Pros
technology interface with a person's hand drawing gears and cogs
PowerShell
Introduction To PowerShell Environment VariablesIntroduction To PowerShell Environment Variables