On Wed, Aug 18, 2010 at 06:01, Ben Scott <[email protected]> wrote:
> On Wed, Aug 18, 2010 at 6:40 AM, Andrew S. Baker <[email protected]> wrote:
>> You could look at FILEACL (3rd party) and ICACLS (native Vista+/2008+) for
>> listing NTFS permissions on files and other structures. SUBINACL is another
>> option.
>
> FILEACL is the best one I've found so far because it will easily
> list only direct (not inherited) ACEs. That's generally what I'm
> interested in. I find this idiom very useful:
>
>     FILEACL C:\ /SUB /FILES /LINE /NOINHERITED > C:\ACL_report.txt
>
> Also, FILEACL can set fine-grained Audit ACLs (SACL/AACE), albeit
> only with SDDL syntax.
>
> I haven't been able to find a way to do either of those with any of:
> CACLS, XCACLS (EXE), XCACLS (VBS), SUBINACL, ICACLS. Which is
> frustrating, because for certain computers, I practically need a
> signed note from God to use FILEACL.
>
> -- Ben

I also really appreciate the /batch parameter, which dumps the permissions as a batch file, so you just have to re-run the command (modulo any editing) and reapply.

Kurt
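
Added example, not part of the original thread: a report of only the explicit (non-inherited) ACEs discussed above, built on the native `Get-Acl` cmdlet for hosts where a third-party tool is not permitted. The function name `Get-ExplicitAce`, its parameters and the output columns are hypothetical, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: list only explicit (non-inherited) NTFS ACEs, one object per ACE.
# Get-ExplicitAce, its parameters and the column names are hypothetical.
function Get-ExplicitAce {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        [switch]$IncludeFiles,   # also walk files, not just directories
        [switch]$IncludeAudit    # also read the SACL (needs an elevated session)
    )

    # Root item plus everything beneath it; enumeration failures are reported,
    # because a silently skipped subtree would make the report misleading.
    $items = @(Get-Item -LiteralPath $Path -Force)
    $items += Get-ChildItem -LiteralPath $Path -Recurse -Force `
        -Directory:(-not $IncludeFiles) -ErrorAction SilentlyContinue -ErrorVariable walkErrors
    foreach ($e in $walkErrors) { Write-Warning "Skipped during walk: $($e.TargetObject)" }

    foreach ($item in $items) {
        try {
            $acl = Get-Acl -LiteralPath $item.FullName -Audit:$IncludeAudit -ErrorAction Stop
        } catch {
            Write-Warning "Could not read ACL on $($item.FullName): $($_.Exception.Message)"
            continue
        }

        $rules = @($acl.Access)
        if ($IncludeAudit) { $rules += @($acl.Audit) }

        # IsInherited is false only for ACEs set directly on this object.
        $rules | Where-Object { -not $_.IsInherited } | ForEach-Object {
            $isAudit = $_ -is [System.Security.AccessControl.AuditRule]
            [pscustomobject]@{
                Path        = $item.FullName
                Kind        = if ($isAudit) { 'Audit' } else { 'Access' }
                Identity    = $_.IdentityReference.Value
                Type        = if ($isAudit) { $_.AuditFlags } else { $_.AccessControlType }
                Rights      = $_.FileSystemRights
                Inheritance = $_.InheritanceFlags
                Propagation = $_.PropagationFlags
            }
        }
    }
}

# Usage (paths are placeholders):
# Get-ExplicitAce -Path C:\ -IncludeFiles | Export-Csv C:\ACL_report.csv -NoTypeInformation
```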
