On Wed, Aug 18, 2010 at 6:40 AM, Andrew S. Baker <[email protected]> wrote:
> You could look at FILEACL (3rd party) and ICACLS (native Vista+/2008+) for
> listing NTFS permissions on files and other structures. SUBINACL is another
> option.
FILEACL is the best one I've found so far because it will easily
list only direct (not inherited) ACEs. That's generally what I'm
interested in. I find this idiom very useful:
FILEACL C:\ /SUB /FILES /LINE /NOINHERITED > C:\ACL_report.txt
Also, FILEACL can set fine-grained Audit ACLs (SACL/AACE), albeit
only with SDDL syntax.
I haven't been able to find a way to do either of those with any of:
CACLS, XCACLS (EXE), XCACLS (VBS), SUBINACL, ICACLS. Which is
frustrating, because for certain computers, I practically need a
signed note from God to use FILEACL.
-- Ben
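
Added example, not part of the original message: on hosts where a third-party tool cannot be installed, PowerShell's Get-Acl exposes an IsInherited property on each ACE, so the explicit-only report can be built by filtering on it. The function name Get-ExplicitAce, the C:\Data root and the CSV path are assumptions made for this example.

```powershell
# Added example, not from the original thread.
# Lists only explicit (non-inherited) ACEs for a directory tree.
# Get-ExplicitAce, C:\Data and the report path are names chosen for this example.
function Get-ExplicitAce {
    param(
        [Parameter(Mandatory)][string]$Path,  # root directory to walk
        [switch]$Audit  # also read the SACL; needs an elevated session holding SeSecurityPrivilege
    )

    # The root itself, then every file and directory below it (hidden/system included).
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        try {
            $acl = Get-Acl -LiteralPath $item.FullName -Audit:$Audit -ErrorAction Stop
        } catch {
            # Surface unreadable objects instead of silently leaving a gap in the report.
            Write-Warning "Cannot read ACL on $($item.FullName): $($_.Exception.Message)"
            continue
        }

        # DACL entries set directly on this object.
        foreach ($ace in $acl.Access) {
            if ($ace.IsInherited) { continue }
            [pscustomobject]@{
                Path = $item.FullName; List = 'DACL'
                Identity = $ace.IdentityReference.Value
                Type = $ace.AccessControlType; Rights = $ace.FileSystemRights
                Inheritance = $ace.InheritanceFlags; Propagation = $ace.PropagationFlags
            }
        }

        # SACL (audit) entries set directly on this object, only when -Audit was given.
        if ($Audit) {
            foreach ($ace in $acl.Audit) {
                if ($ace.IsInherited) { continue }
                [pscustomobject]@{
                    Path = $item.FullName; List = 'SACL'
                    Identity = $ace.IdentityReference.Value
                    Type = $ace.AuditFlags; Rights = $ace.FileSystemRights
                    Inheritance = $ace.InheritanceFlags; Propagation = $ace.PropagationFlags
                }
            }
        }
    }
}

Get-ExplicitAce -Path 'C:\Data' | Export-Csv -Path 'C:\ACL_report.csv' -NoTypeInformation
```

Diffing successive CSV reports shows where explicit grants or audit entries were added or removed below the root.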