Inheritance has been fixed in the previous post. Now, would it be nice to have some sort of a report that could find me folders/files that have wrong settings no matter how deep they are. This script would confirm that previous changes were successful.
We are going to look for a specific group in the ACL by parsing CACLS output.
In this example I’m looking for a “GG-ADM-S” group.
Here it is:
@echo off REM Specify the group name for search in Adm2 variable REM Important - use !x! instead of %x% when calling a dynamicly set variable echo Looking for the Folders/Files that have no "GG-ADM-S" group in ACL: echo Looking for the Folders/Files that have no "GG-ADM-S" group in ACL: >> OjectsWithout1stLineSupport.txt SET "GlobalV=0" SET "Count=0" SET "Result=0" SET "RootKelias=D:\ChangeMe\" for /F "delims=*" %%R in ('dir "%RootKelias%" /B /A:D') do ( REM SET "Aplankas=%%R" SET "Kelias=%RootKelias%%%R\" setlocal ENABLEDELAYEDEXPANSION echo. echo Checking: !Kelias! dir "!Kelias!" /S /B /A:D > workingfile.txt endlocal REM echo.0 > found.txt for /F "delims=¬" %%F in (workingfile.txt) do ( REM echo "%%F" setlocal ENABLEDELAYEDEXPANSION SET "AdminFound=0" endlocal FOR /F "delims=¬" %%A IN ('CACLS "%%F"') DO ( setlocal ENABLEDELAYEDEXPANSION REM echo %%A SET "Adm=%%A" REM replace ADM-S with O SET Adm2=!Adm:ADM-S=O! REM IF group exist then equality is false IF NOT !Adm!==!Adm2! ( REM echo Admin exist - !Adm! Set /a AdminFound = AdminFound + 1 REM echo Dabartine reiksme !AdminFound! echo.1 > found.txt ) endlocal ) setlocal ENABLEDELAYEDEXPANSION REM If AdminFound value is 0 then group was not found REM echo AdminFound value: !AdminFound! REM set /p creates a space by default REM set /p Found=> OjectsWithout1stLineSupport.txt REM CACLS "%%F" >> OjectsWithout1stLineSupport.txt echo %%F echo -----------GROUP WAS NOT FOUND----------- echo.0 > found.txt call :Subroute "%%F" ) REM Executed when group is found if "!Found!" == "1 " ( REM echo Numetu i nuli echo.0 > found.txt ) endlocal ) ) REM endlocal echo. echo --Report file is called: OjectsWithout1stLineSupport.txt!! exit /b :Subroute REM echo Nerastas - %1 exit /b
Script is working with folders, but again it can be easily changed to work with files [change /A:D to /A:-D].
Every time I apply the change with my first script I double check the results with my reporting script.