Oh... forget to mention... run the script from the command-line like CSCRIPT <scriptname> otherwise you need to click away popup boxes Cheers Jorge
________________________________ From: Almeida Pinto, Jorge de Sent: Fri 9/9/2005 2:06 AM To: [email protected]; [email protected] Subject: RE: [ActiveDir] Active Directory Permissions Hi Sakari, Just tested the script on my home DC. Works great. Minor Minor Minor issues.. ;-)) * Last line states "This table was generated at 09-Sep-2005 01:47:40 by ACLsToExcel.vbs" the last should be ACLReport.vbs Instead of hardcoding the name of the file add WScript.ScriptName * The permissions of the domain object itself are not listed * white space is explicit allow permission (not mentioned) * For inherited permissions... "inherited from" is missing Cheers Jorge ________________________________ From: [EMAIL PROTECTED] on behalf of Sakari Kouti Sent: Fri 9/9/2005 12:21 AM To: [email protected] Subject: RE: [ActiveDir] Active Directory Permissions Hi All, All software projects take twice the estimated schedule, so not on Tuesday, but now on Thursday there is finally the script to dump all AD ACEs at the end of the page http://www.kouti.com/scripts.htm A few comments: - As always, you would get most of the results using just end-user permissions - The script works fastest, when run on a DC. They don't often have Excel installed, so I modified the script to create an HTML file instead of direct Excel dumping. You can copy this HTML file to a workstation, right-click the table in IE and select Export to Microsoft Excel. - You can specify the root of dumping in an inputbox. - By modifying three lines in the beginning of the script, you can specify: - Whether to scan only OUs or also other object classes - Whether to scan only normal-view objects or also advanced-view objects - Whether to display all ACEs or only non-inherited Please let me know if you find bugs or have minor :-) feature suggestions. Note that the script is not bullet proof. For example, it breaks, if you try to run it as a standalone user, with no access to AD (no graceful exit, that is). Yours, Sakari PS. Thanks for the congrats on my third child. This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
