Show Directories with Non-Inherited ACLs

Author	Message

turranx

Total Posts : 59
Scores: 0
Reward points : 0
Joined: 2/7/2006
Location: Cincinnati, OH
Status: offline

Show Directories with Non-Inherited ACLs Thursday, January 29, 2009 9:43 AM (permalink)

0

To the best of my knowledge, Vista and Windows Server 2008 steadfastly refuse to show the 'Security' tab when you have multiple files or folders selected. As an Administrator this is a HUGE deficiency. I can't beleive Microsoft's own Admins haven't complained about this. So here is my solution:

Save this as ShowDeltaACLs.ps1

  $output = ""; 
 $wshShell = new-object -comobject wscript.shell; 
 dir | 
     Where {$_.PSIsContainer -eq $true} | 
         get-acl | 
             foreach-object { 
                 $counter = 0; 
                 $ACLList = ""; 
                 foreach ($element in $_.Access) { 
                     if ($element.IsInherited -eq $false) { 
                         $counter+=1; 
                         $ACLList += "`t" + $element.AccessControlType + " " + $element.FileSystemRights + " for " + $element.IdentityReference + "`n"
                     }
                 };
                 if ($counter -gt 0) { 
                     $output += ".\" + $(Split-Path $_.Path -NoQualifier).split("\")[$(Split-Path $_.Path -NoQualifier).split("\").length -1] + "`n" + $ACLList + "`n";
                 }
             }; 
 $seconds = 0; 
 $title = "Directories with Non-Inherited ACLs"; 
 if ($output -eq "") {$output = "All directories have the same ACLs."}; 
 $output =  $(Split-Path $(pwd) -NoQualifier) + "`n" + "`n" + $output ; 
 if ($output.length -gt 1000) {
     $oIE=new-object -com internetexplorer.application
     $oIE.navigate2("About:blank")
     
     while ($oIE.busy) {
         sleep -milliseconds 50
     }
     $oDocBody=$oIE.document.documentelement.lastchild ;
     #populate the document.body
     $oDocBody.innerhtml="<b>" + $title + "</b><br><br>" + $output.replace(".\","&nbsp&nbsp&nbsp&nbsp.\").replace("`n",",<br>").replace("`t","&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp").replace(",","")
     $oDocBody.style.font="12pt Arial";
     $oIE.document.bgcolor="#D7D7EA"
        
     $oIE.visible=$true
 }
 else {
     $wshShell.popup($output,$seconds,$title);
 }

Save this as ShowDeltaACLs.reg

 Windows Registry Editor Version 5.00
 [HKEY_CURRENT_USER\Software\Classes\Directory]
 [HKEY_CURRENT_USER\Software\Classes\Directory\Background]
 [HKEY_CURRENT_USER\Software\Classes\Directory\Background\Shell]
 [HKEY_CURRENT_USER\Software\Classes\Directory\Background\Shell\ACLs]
 @="Show Directories with Non-Inherited ACLs"
 [HKEY_CURRENT_USER\Software\Classes\Directory\Background\Shell\ACLs\Command]
 @="powershell.exe \"c:\\YOUR\\LOCATION\\HERE\\ShowDeltaACL.ps1\""

Run the registry file to add it to your context menu.
Using Windows Explorer, go into a folder. Right click on the white space and select 'Show Directories with Non-Inherited ACLs'.

If the output is under a thousand characters, it looks like this:

If the output is over a thousand characters, it is redirected to Internet Explorer.

If you think you can make this better, then by all means edit it and repost it here. You can email me screenshots of what it looks like and I'll host them for you on my site.

Microsoft Windows 2000 Scripting Guide - The best book for newbie scripters
http://www.myspace.com/Evil__Overlord

#1