0 Пользователей и 1 Гость просматривают эту тему.
cacls /?
C:\Users\user>cacls C:\WindowsC:\Windows NT SERVICE\TrustedInstaller:F NT SERVICE\TrustedInstaller:(CI)(IO)F NT AUTHORITY\SYSTEM:C NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F BUILTIN\Administrators:C BUILTIN\Administrators:(OI)(CI)(IO)F BUILTIN\Users:R BUILTIN\Users:(OI)(CI)(IO)(special access:) GENERIC_READ GENERIC_EXECUTE CREATOR OWNER:(OI)(CI)(IO)F
Код: [Выделить]cacls /?Не?
# Input file - scope.txt# It must contain strings with directory paths, that you want to scan.$inputFILE = get-content -Path ".\scope.txt"$Title = "DirName"+" "+"IdentityReference"+" "+"AccessControlType"+" "+"ApplyTo"+" "+"FULL CONTROL"+" "+"List Folder / Read Data"+" "+"Create Files /Write Data"+" "+"Create Folders / Append Data"+" "+"Read Extended Attributes"+" "+"Write Extended Attributes"+" "+"Traverse Folder / Execute File"+" "+"Delete Subfolders and Files"+" "+"Read Attributes"+" "+"Write Attributes"+" "+"Delete"+" "+"Read Permissions"+" "+"Change Permissions"+" "+"Take Ownership"+" "+"Synchronize"$Title | Out-File -FilePath .\share_enum_result.txt #-append;if (test-path .\share_enum_tree.txt) { remove-item .\share_enum_tree.txt}#-------------------------------------------function parsACE{$FSRValue = $dirACE.FileSystemRights.value__$InH = $dirACE.InheritanceFlags.value__$Prop = $dirACE.PropagationFlags.value__$outSTR1 = "$ACLPath"$outSTR2 = $dirACE.IdentityReference$outSTR3 = $dirACE.AccessControlTypeif (($FSRValue -ge 0x1f01ff)) {$FSRValue = $FSRValue - 0x1f01ff; $outSTRFC = "X"}if (($FSRValue -ge 0x100000)) {$FSRValue = $FSRValue - 0x100000; $outSTR18 = "X"}if (($FSRValue -ge 0x80000)) {$FSRValue = $FSRValue - 0x80000; $outSTR17 = "X"}if (($FSRValue -ge 0x40000)) {$FSRValue = $FSRValue - 0x40000; $outSTR16 = "X"}if (($FSRValue -ge 0x20000)) {$FSRValue = $FSRValue - 0x20000; $outSTR15 = "X"}if (($FSRValue -ge 0x10000)) {$FSRValue = $FSRValue - 0x10000; $outSTR14 = "X"}if (($FSRValue -ge 0x0100)) {$FSRValue = $FSRValue - 0x0100; $outSTR13 = "X"}if (($FSRValue -ge 0x0080)) {$FSRValue = $FSRValue - 0x0080; $outSTR12 = "X"}if (($FSRValue -ge 0x0040)) {$FSRValue = $FSRValue - 0x0040; $outSTR11 = "X"}if (($FSRValue -ge 0x0020)) {$FSRValue = $FSRValue - 0x0020; $outSTR10 = "X"}if (($FSRValue -ge 0x0010)) {$FSRValue = $FSRValue - 0x0010; $outSTR9 = "X"}if (($FSRValue -ge 0x0008)) {$FSRValue = $FSRValue - 0x0008; $outSTR8 = "X"}if (($FSRValue -ge 0x0004)) {$FSRValue = $FSRValue - 0x0004; $outSTR7 = "X"}if (($FSRValue -ge 0x0002)) {$FSRValue = $FSRValue - 0x0002; $outSTR6 = "X"}if (($FSRValue -ge 0x0001)) {$FSRValue = $FSRValue - 0x0001; $outSTR5 = "X"}if (($InH -eq 0) -and ($Prop -eq 0)) { $outSTR4 = "This folder only"}if (($InH -eq 3) -and ($Prop -eq 0)) { $outSTR4 = "This folder, subfolders and files"}if (($InH -eq 1) -and ($Prop -eq 0)) { $outSTR4 = "This folder and subfolders"}if (($InH -eq 2) -and ($Prop -eq 0)) { $outSTR4 = "This folder and files"}if (($InH -eq 3) -and ($Prop -eq 2)) { $outSTR4 = "Subfolders and files only"}if (($InH -eq 1) -and ($Prop -eq 2)) { $outSTR4 = "Subfolders only"}if (($InH -eq 2) -and ($Prop -eq 2)) { $outSTR4 = "Files only"}$outSTR = "$outSTR1"+" "+"$outSTR2"+" "+"$outSTR3"+" "+"$outSTR4"+" "+"$outSTRFC"+" "+"$outSTR5"+" "+"$outSTR6"+" "+"$outSTR7"+" "+"$outSTR8"+" "+"$outSTR9"+" "+"$outSTR10"+" "+"$outSTR11"+" "+"$outSTR12"+" "+"$outSTR13"+" "+"$outSTR14"+" "+"$outSTR15"+" "+"$outSTR16"+" "+"$outSTR17"+" "+"$outSTR18" + " " + "$FSRValue" | Out-File -FilePath .\share_enum_result.txt -append; $outSTR1 = $(); $outSTR2 = $(); $outSTR3 = $(); $outSTR4 = $(); $outSTR5 = $(); $outSTR6 = $(); $outSTR7 = $(); $outSTR8 = $(); $outSTR9 = $(); $outSTR10 = $(); $outSTR11 = $(); $outSTR12 = $(); $outSTR13 = $(); $outSTR14 = $(); $outSTR15 = $(); $outSTR16 = $(); $outSTR17 = $(); $outSTR18 = $(); $FSRValue = $();}#-------------------------------------------function Parsedir ($scopePath,$depth){ if ($depth -gt 0) { $rootDIR = New-Object System.IO.DirectoryInfo("$scopePath") $subDIR = $rootDIR.GetDirectories() foreach ($sDIR in $subDIR) { $ACLPath = "$scopePath" + "\" + "$sDIR"; $ACLPath | Out-File -FilePath .\share_enum_tree.txt -append; $dirACL = get-acl -path "$ACLPath" | select -expand access; if ($dirACL -ne $()) { foreach ($dirACE in $dirACL) { parsACE } } else { $outSTR = "$ACLPath" + " N/A Access Deny" "$outSTR" | Out-File -FilePath .\share_enum_result.txt -append $outSTR = "" } $dirACL = $() Parsedir $ACLPath $($depth-1) } }}foreach ($scope in $inputFILE){ Parsedir $scope 2}
c:\homes\Common RW PRIN\s.popov RW NT AUTHORITY\??????? RW BUILTIN\?????????????? RW PRIN\????? ?????? RW ??? RW PRIN\???????????? ??????c:\homes\Design_archive RW PRIN\s.popov RW PRIN\t.filippova RW PRIN\o.pomogaev RW PRIN\a.gavrilin RW NT AUTHORITY\??????? RW BUILTIN\?????????????? RW BUILTIN\????????????