Get-DsAcl

Posted by Chris on October 2, 2009 in Active Directory, PowerShell | Tags :, ,

The goal of this PowerShell function is to create a report of permissions assigned to objects in Active Directory in much the same way as DsRevoke.
more >>

Reading share security with PowerShell

Posted by Chris on February 20, 2009 in PowerShell | Tags :, , , ,

The cmdlet Get-ACL is very capable when it comes to NTFS permissions, but it cannot read share permissions. This function makes an effort to provide a simple way to return share security (and other information) from a share.
more >>

Reading NTFS and Share security with VbScript

Posted by Chris on February 19, 2009 in VbScript | Tags :, , , , , ,

NTFS (File System) and Share security can be enumerated using the Win32_LogicalFileSecuritySetting and Win32_LogicalShareSecuritySetting WMI classes. This post demonstrates how to use each class to read the security descriptors.
more >>

Finding a user in Exchange mailbox security

Posted by Chris on October 28, 2008 in Active Directory, Exchange, VbScript | Tags :, , , , , ,

A script to read the mailbox security descriptor from Active Directory with the intention of finding a particular user or security principal. It will not display the security descriptor, it simply displays whether or not the account is present in the access control list.
more >>

NTFS, WMI, VbScript & listing explicit rights

Posted by Chris on October 22, 2008 in VbScript | Tags :, , , , , ,

This script uses WMI to enumerate each access control entry in an NTFS access control list, looking for explicit entries, that is, entries that are not inherited.
more >>

NTFS, PowerShell, Get-ACL & listing explicit rights

Posted by Chris on October 22, 2008 in PowerShell | Tags :, , , ,

A short script to list explicit rights assigned to a directory structure. It uses the recursive option of ls (an Alias for Get-ChildItem) to drop down through the directory structure.
more >>