Script – Fix ACL permissions on folders/files 2

Inheritance has been fixed in the previous post. Now, would it be nice to have some sort of a report that could find me folders/files that have wrong settings no matter how deep they are. This script would confirm that previous changes were successful.

We are going to look for a specific group in the ACL by parsing CACLS output.
In this example I’m looking for a “GG-ADM-S” group.

Here it is:

@echo off
REM Specify the group name for search in Adm2 variable
REM Important - use !x! instead of %x% when calling a dynamicly set variable

echo Looking for the Folders/Files that have no "GG-ADM-S" group in ACL:
echo Looking for the Folders/Files that have no "GG-ADM-S" group in ACL: >> OjectsWithout1stLineSupport.txt

SET "GlobalV=0"
SET "Count=0"
SET "Result=0"
SET "RootKelias=D:\ChangeMe\"

for /F "delims=*" %%R in ('dir "%RootKelias%" /B /A:D') do (

REM SET "Aplankas=%%R"
SET "Kelias=%RootKelias%%%R\"

echo Checking: !Kelias!
dir "!Kelias!" /S /B /A:D > workingfile.txt

REM echo.0 > found.txt

for /F "delims=¬" %%F in (workingfile.txt) do (

REM echo "%%F"

SET "AdminFound=0"

FOR /F "delims=¬" %%A IN ('CACLS "%%F"') DO (

REM echo %%A
SET "Adm=%%A"
REM replace ADM-S with O
SET Adm2=!Adm:ADM-S=O!

REM IF group exist then equality is false
IF NOT !Adm!==!Adm2! (
REM echo Admin exist - !Adm!
Set /a AdminFound = AdminFound + 1

REM echo Dabartine reiksme !AdminFound!
echo.1 > found.txt


REM If AdminFound value is 0 then group was not found
REM echo AdminFound value: !AdminFound!

REM set /p creates a space by default
REM set /p Found=> OjectsWithout1stLineSupport.txt
REM CACLS "%%F" >> OjectsWithout1stLineSupport.txt
echo %%F
echo -----------GROUP WAS NOT FOUND-----------
echo.0 > found.txt
call :Subroute "%%F"

REM Executed when group is found
if "!Found!" == "1 " (
REM echo Numetu i nuli
echo.0 > found.txt


REM endlocal

echo --Report file is called: OjectsWithout1stLineSupport.txt!!
exit /b

REM echo Nerastas - %1
exit /b

Script is working with folders, but again it can be easily changed to work with files [change /A:D to /A:-D].

Every time I apply the change with my first script I double check the results with my reporting script.


Leave a Comment here

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s