Urgent VBScript needed

Anyone got a quick answer to this -
I need a script to create a file which contains all usernames who have access to folders in a directory. Please [V]

rmclare3

I have not done this myself, but i've done a bit of research and i came accross the following script on a forum.

Now just before i post the code, the guys who wrote this really went into details and via wscript.echo provides a lot of information. If you play with the script, take a lot of the information that you don't need, then you'll get what you want.

I believe you are interested in the sections where it says:

WScript.Echo i & ". Trustee Name: " & wmiTrustee.Name

Ok, here goes
=========================================================================================
Option Explicit

Dim CONTROL_FLAGS ' ControlFlags values
Dim ACCESS_MASK ' AccessMask values
Dim ACE_FLAGS ' AceFlags values
Dim ACE_TYPE ' AceType values
Dim Key ' Dictionary object key
Dim blnFirstValue ' Flag for formatting
Dim i ' Counter
Dim intRetVal ' Return value
Dim strComputer ' Target computer name
Dim strFolder ' Target folder (or file) name
Dim wmiServices ' SWbemServices object
Dim wmiSecuritySettings ' Win32_LogicalFileSecuritySetting
Dim wmiSecurityDescriptor ' Win32_SecurityDescriptor
Dim wmiOwner ' Win32_Trustee
Dim wmiAce ' Win32_ACE
Dim wmiTrustee ' Win32Trustee
Dim arrDacl ' DACL array
Dim arrSacl ' SACL array

strComputer = "dell610" ' Target computer name
strFolder = "c:\windows" ' Fully qualified file or folder name

Set CONTROL_FLAGS = CreateObject("Scripting.Dictionary")
CONTROL_FLAGS.Add "SE_OWNER_DEFAULTED", 1
CONTROL_FLAGS.Add "SE_GROUP_DEFAULTED", 2
CONTROL_FLAGS.Add "SE_DACL_PRESENT", 4
CONTROL_FLAGS.Add "SE_DACL_DEFAULTED", 8
CONTROL_FLAGS.Add "SE_SACL_PRESENT", 16
CONTROL_FLAGS.Add "SE_SACL_DEFAULTED", 32
CONTROL_FLAGS.Add "SE_DACL_AUTO_INHERIT_REQ", 256
CONTROL_FLAGS.Add "SE_SACL_AUTO_INHERIT_REQ", 512
CONTROL_FLAGS.Add "SE_DACL_AUTO_INHERITED", 1024
CONTROL_FLAGS.Add "SE_SACL_AUTO_INHERITED", 2048
CONTROL_FLAGS.Add "SE_DACL_PROTECTED", 4096
CONTROL_FLAGS.Add "SE_SACL_PROTECTED", 8192
CONTROL_FLAGS.Add "SE_SELF_RELATIVE", 32768

Set ACCESS_MASK = CreateObject("Scripting.Dictionary")
ACCESS_MASK.Add "FILE_LIST_DIRECTORY", 1
ACCESS_MASK.Add "FILE_ADD_FILE", 2
ACCESS_MASK.Add "FILE_ADD_SUBDIRECTORY", 4
ACCESS_MASK.Add "FILE_READ_EA", 8
ACCESS_MASK.Add "FILE_WRITE_EA", 16
ACCESS_MASK.Add "FILE_TRAVERSE", 32
ACCESS_MASK.Add "FILE_DELETE_CHILD", 64
ACCESS_MASK.Add "FILE_READ_ATTRIBUTES", 128
ACCESS_MASK.Add "FILE_WRITE_ATTRIBUTES", 256
ACCESS_MASK.Add "DELETE", 65536
ACCESS_MASK.Add "READ_CONTROL", 131072
ACCESS_MASK.Add "WRITE_DAC", 262144
ACCESS_MASK.Add "WRITE_OWNER", 524288
ACCESS_MASK.Add "SYNCHRONIZE", 1048576

Set ACE_FLAGS = CreateObject("Scripting.Dictionary")
ACE_FLAGS.Add "OBJECT_INHERIT_ACE", 1
ACE_FLAGS.Add "CONTAINER_INHERIT_ACE", 2
ACE_FLAGS.Add "NO_PROPAGATE_INHERIT_ACE", 4
ACE_FLAGS.Add "INHERIT_ONLY_ACE", 8
ACE_FLAGS.Add "INHERITED_ACE", 16
ACE_FLAGS.Add "SUCCESSFUL_ACCESS_ACE_FLAG", 32
ACE_FLAGS.Add "FAILED_ACCESS_ACE_FLAG", 64

Set ACE_TYPE = CreateObject("Scripting.Dictionary")
ACE_TYPE.Add 0, "Access Allowed"
ACE_TYPE.Add 1, "Access Denied"
ACE_TYPE.Add 2, "Audit"

'********************
'* CALLOUT A
'********************
' Connect to WMI on target computer
Set wmiServices = GetObject _
("winmgmts:{impersonationLevel=Impersonate}!\\" & strComputer)

' Get target folder's (or file's) security settings
Set wmiSecuritySettings = wmiServices.Get _
("Win32_LogicalFileSecuritySetting.Path='" & strFolder & "'")

WScript.Echo "Win32_LogicalFileSecuritySettings"
WScript.Echo "================================="
WScript.Echo "Caption: " & wmiSecuritySettings.Caption
WScript.Echo "ControlFlags: " & wmiSecuritySettings.ControlFlags
WScript.Echo "Description: " & wmiSecuritySettings.Description
WScript.Echo "OwnerPermissions: " & wmiSecuritySettings.OwnerPermissions
WScript.Echo "Path: " & wmiSecuritySettings.Path
WScript.Echo "SettingID: " & wmiSecuritySettings.SettingID
WScript.Echo

'********************
'* CALLOUT B
'********************
' Get target folder's (or file's) Security Descriptor
intRetVal = wmiSecuritySettings.GetSecurityDescriptor(wmiSecurityDescriptor)

' Security Descriptor's Owner represented by instance of Win32_Trustee
Set wmiOwner = wmiSecurityDescriptor.Owner

WScript.Echo "Win32_SecurityDescriptor"
WScript.Echo "------------------------"
WScript.Echo "Owner Name: " & wmiOwner.Name
WScript.Echo "Owner SIDString: " & wmiOwner.SIDString
WScript.Echo "Owner Domain: " & wmiOwner.Domain

'********************

"......who have access to folders in a directory". You mean all users who have access to sub-folders ONLY in a directory ? What about files ?

quote:

---

Originally posted by rmclare3

Anyone got a quick answer to this -
I need a script to create a file which contains all usernames who have access to folders in a directory. Please [V]

---

Thanks for your reply and apologies for not replying untill now - got pulled of that job.
I'm looking at script now and as you say it's pretty detailed. I'll give ut a try but it will test my limited skills I'm sure.
Thanks again.

Bob

ouch.. sorry to hear that, hoepfully it was related to the question you posted :\

token

did you have a simpler script to do this?

just for my own knowledge

bushmen

Not really, most of our security related tasks are accomplished through the use of security groups and they don't change often once they have been in place. Don't really have the need to create such scripts (yet).