Advanced NTFS Permissions Output

This topic contains 1 reply, has 1 voice, and was last updated by Profile photo of Jeremy Clark Jeremy Clark 4 years, 1 month ago.

  • Author
    Posts
  • #6614
    Profile photo of Jeremy Clark
    Jeremy Clark
    Participant

    Greetings,

    Hello to all this is my first post here and was trying to get some output for an application team concerning NTFS permissions on shares.  I understand how to get output utilizing the Win32_Shares WMI Namespace but their requirements take me into using Win32_LogicalFileSecuritySetting as well when trying to meet their requirements. Their requested output is below:

    < # \\ServerName\C$\Windows Type   Account                      Permissions     Apply To                           Permissions Detailed —–  —————————  ————–  ———————————  —————————————————– Allow  ServerName\Administrators       [RWXD–]        This folder only                   Tr/Ex,Lf/Rd,Ra,Rea,Cfi/Wd,Cfo/Ad,Wa,Wea,D,Rp,S Allow  ServerName\Administrators       [Full Control]  Subfolders and files only          Tr/Ex,Lf/Rd,Ra,Rea,Cfi/Wd,Cfo/Ad,Wa,Wea,Dc,D,Rp,P,O,S Allow  ServerName\Users                [R-X—]        This folder, subfolders and files  Tr/Ex,Lf/Rd,Ra,Rea,Rp,S Allow  CREATOR OWNER                [Full Control]  Subfolders and files only          Tr/Ex,Lf/Rd,Ra,Rea,Cfi/Wd,Cfo/Ad,Wa,Wea,Dc,D,Rp,P,O,S Allow  NT SERVICE\TrustedInstaller  [Full Control]  This folder and subfolders         Tr/Ex,Lf/Rd,Ra,Rea,Cfi/Wd,Cfo/Ad,Wa,Wea,Dc,D,Rp,P,O,S Allow  SYSTEM                       [RWXD–]        This folder only                   Tr/Ex,Lf/Rd,Ra,Rea,Cfi/Wd,Cfo/Ad,Wa,Wea,D,Rp,S Allow  SYSTEM                       [Full Control]  Subfolders and files only          Tr/Ex,Lf/Rd,Ra,Rea,Cfi/Wd,Cfo/Ad,Wa,Wea,Dc,D,Rp,P,O,S #>

    Getting the server name and specific path I can get.  I also can get the "Type" by checking the security descriptor shown below in my script so far.

     

    I have other requirements to see if it is hidden and the path etc.  Those I can get.  The output above I know I'll have to setup another mask or case loop for different variables. or something.  Any help with some output on this guys? Thanks so much for any time you may have to help. I've attached a screen shot of the output in case mine above was formatted incorrectly.

  • #6619
    Profile photo of Jeremy Clark
    Jeremy Clark
    Participant

    I suppose I could create a hash table that encompassed several select case checks for the different required output.  Is the function I'm using ample enough to provide the information that I'm trying to get in the output?

    Thanks,

You must be logged in to reply to this topic.