This script uses WMI to enumerate each access control entry in an NTFS access control list, looking for explicit entries, that is, entries that are not inherited.

If SECURITY_PRINCIPAL is blank the script will return all explicit rights beneath granted from base path down. The script attempts to provide a summary for common rights.

The PowerShell version of this script is considerably better for granular reporting of rights assigned. This one is more of a demonstration of security descriptor enumeration.

Leave a Reply

Your email address will not be published. Required fields are marked *