How to dump ACL lists from shares to file. RRS feed

  • Question

  • Greetings, I have a real problem on my hands. My company is moving to a different NT domain. However some of our servers and therefore shares must remain in tact. I need a way to show me all the shares and their security permissions for each. I have tried several programs but none of them show me the details regarding inheritance. Basically I need the share name, the information in the "Security" tab, and the information under the "Advanced" button. (The "Advanced Security Settings for %foldername%") 

    The main directory has 38 sub folders, and each can have it's own permissions. There are a total of 24,000 folders I need this information for. And I have at least one other server needing this done.  So doing it by hand will not cut it. 

    Thanks in advance!



    Wednesday, February 16, 2011 10:54 PM


  • I believe Powershell can handle this.  Best to repost your question on the scripting guys forum.

    Here's a little bit of script to get you started.  It's the get-acl command that is doing the work.  The accesstostring shows you if something has been inherited (True ContainerInherit = Inherited Permissions:  False ContainerInherit= Explicit permissions).  I'd probably want to put some more work in to the script to have it show inheritance more simply; perhaps as a tree.  I'm sure you'll find a guru over there than can help you with that.

    get-childitem D:\ -recurse | Where-Object { $_.PSIsContainer } | foreach-object {get-acl $_.FullName} | Select-Object @{n='Path';e={ (Get-Item $_.PSPath).FullName }}, Owner, @{n='Accesstostring';e={ [String]::Join("`n", $( $_.Access | %{"$($_.IdentityReference) $($_.AccessControlType) $($_.IsInherited) $($_.InheritanceFlags)" })) }} | format-list

    • Marked as answer by Kevin Remde Monday, February 28, 2011 12:47 PM
    Thursday, February 17, 2011 3:01 PM