Hi,
I'm currently putting together a small tool that is supposed to read out folder permissions (recursively later on). Right now, though, I'm stuck on the AccessMask. The program should not print the AccessMask itself but the actual permissions (here is something on the AccessMask from MS). My problem is that I just can't figure out how to convert it... Maybe my approach with the AccessMask is wrong altogether... Does anyone here happen to have an idea? I wanted to use the tool to document my work once it's finished. Unfortunately I haven't found a program that does this in a way the customer can follow as well.
EDIT: http://itknowledgeexchange.techtarget.com/powershell/sha…he-access-mask/ this might also be something. But I'm not exactly well versed in PowerShell, and it didn't work for me with BitAND.
Local _
        $FILE_READ_DATA__FILE_LIST_DIRECTORY = 1, _ ; Grants the right to read data from the file. For a directory, this value grants the right to list the contents of the directory.
        $FILE_WRITE_DATA__FILE_ADD_FILE = 2, _ ; Grants the right to write data to the file. For a directory, this value grants the right to create a file in the directory.
        $FILE_APPEND_DATA__FILE_ADD_SUBDIRECTORY = 4, _ ; Grants the right to append data to the file. For a directory, this value grants the right to create a subdirectory.
        $FILE_READ_EA = 8, _ ; Grants the right to read extended attributes.
        $FILE_WRITE_EA = 16, _ ; Grants the right to write extended attributes.
        $FILE_EXECUTE__FILE_TRAVERSE = 32, _ ; Grants the right to execute a file. For a directory, the directory can be traversed.
        $FILE_DELETE_CHILD = 64, _ ; Grants the right to delete a directory and all the files it contains (its children), even if the files are read-only.
        $FILE_READ_ATTRIBUTES = 128, _ ; Grants the right to read file attributes.
        $FILE_WRITE_ATTRIBUTES = 256, _ ; Grants the right to change file attributes.
        $DELETE = 65536, _ ; Grants delete access.
        $READ_CONTROL = 131072, _ ; Grants read access to the security descriptor and owner.
        $WRITE_DAC = 262144, _ ; Grants write access to the discretionary access control list (ACL).
        $WRITE_OWNER = 524288, _ ; Assigns the write owner.
        $SYNCHRONIZE = 1048576, _ ; Synchronizes access and allows a process to wait for an object to enter the signaled state.
        $OBJECT_INHERIT_ACE = 1, _ ; Noncontainer child objects inherit the ACE as an effective ACE. For child objects that are containers, the ACE is inherited as an inherit-only ACE unless the NO_PROPAGATE_INHERIT_ACE bit flag is also set.
        $CONTAINER_INHERIT_ACE = 2, _ ; Child objects that are containers, such as directories, inherit the ACE as an effective ACE. The inherited ACE is inheritable unless the NO_PROPAGATE_INHERIT_ACE bit flag is also set.
        $NO_PROPAGATE_INHERIT_ACE = 4, _ ; If the ACE is inherited by a child object, the system clears the OBJECT_INHERIT_ACE and CONTAINER_INHERIT_ACE flags in the inherited ACE. This prevents the ACE from being inherited by subsequent generations of objects.
        $INHERIT_ONLY_ACE = 8, _ ; Indicates an inherit-only ACE which does not control access to the object to which it is attached. If this flag is not set, the ACE is an effective ACE which controls access to the object to which it is attached. Both effective and inherit-only ACEs can be inherited depending on the state of the other inheritance flags.
        $INHERITED_ACE = 16, _ ; The system sets this bit when it propagates an inherited ACE to a child object.
        $wbemFlagReturnImmediately = 0x10, _
        $wbemFlagForwardOnly = 0x20, _
        $colItems = "", _
        $strComputer = "localhost", _
        $objSD, _
        $Output = "", _
        $sFolderRights = ""

Local $sRootFolder = FileSelectFolder("Verzeichnis zum auslesen der Berechtigungen auswählen", "C:\Xampp")
$objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMV2")
$colItems = $objWMIService.ExecQuery('SELECT * FROM Win32_LogicalFileSecuritySetting WHERE Path="' & StringReplace($sRootFolder, "\", "\\") & '"', "WQL", $wbemFlagReturnImmediately + $wbemFlagForwardOnly)

If IsObj($colItems) Then
    For $objItem In $colItems
        $objItem.GetSecurityDescriptor($objSD)
        $Output = $Output & "Pfad: " & @TAB & @TAB & @TAB & $objItem.Path & @CRLF
        $colDacl = $objSD.DACL ; discretionary access control list(Array)
        For $objDacl In $colDacl
            $Output = $Output & "Benutzer/Gruppe: " & @TAB & $objDacl.Trustee.Name & @CRLF
            $Output = $Output & "Flags: " & @TAB & @TAB & @TAB & $objDacl.AceFlags & @CRLF
            $Output = $Output & "Rechte: " & $objDacl.AccessMask & @CRLF
            $Output = $Output & $sFolderRights
        Next
    Next
    ConsoleWrite($Output)
Else
    MsgBox(1, "Error", "Pfad nicht gefunden")
EndIf
Thanks in advance
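An added example, not part of the original post: one way to turn the numeric AccessMask and AceFlags into readable names is to test each bit from the post's constant list with BitAND. The names `_DecodeBits`, `$g_aRights` and `$g_aAceFlags` are hypothetical, and the two sample masks at the end are constructed.

```autoit
; Added example, not the poster's code: map AccessMask / AceFlags bits to names.

; Returns the names of all table entries whose bit is set in $iValue.
Func _DecodeBits($iValue, $aTable)
    Local $sResult = "", $iKnown = 0
    For $i = 0 To UBound($aTable) - 1
        $iKnown = BitOR($iKnown, $aTable[$i][0])
        If BitAND($iValue, $aTable[$i][0]) = $aTable[$i][0] Then
            $sResult &= $aTable[$i][1] & ", "
        EndIf
    Next
    ; Bits missing from the table are reported as hex instead of being dropped.
    Local $iRest = BitAND($iValue, BitNOT($iKnown))
    If $iRest <> 0 Then $sResult &= "unlisted bits 0x" & Hex($iRest, 8) & ", "
    If $sResult = "" Then Return "(none)"
    Return StringTrimRight($sResult, 2)
EndFunc   ;==>_DecodeBits

; Access right bits, values exactly as listed in the post.
Global $g_aRights[14][2] = [ _
        [1, "FILE_READ_DATA / FILE_LIST_DIRECTORY"], _
        [2, "FILE_WRITE_DATA / FILE_ADD_FILE"], _
        [4, "FILE_APPEND_DATA / FILE_ADD_SUBDIRECTORY"], _
        [8, "FILE_READ_EA"], _
        [16, "FILE_WRITE_EA"], _
        [32, "FILE_EXECUTE / FILE_TRAVERSE"], _
        [64, "FILE_DELETE_CHILD"], _
        [128, "FILE_READ_ATTRIBUTES"], _
        [256, "FILE_WRITE_ATTRIBUTES"], _
        [65536, "DELETE"], _
        [131072, "READ_CONTROL"], _
        [262144, "WRITE_DAC"], _
        [524288, "WRITE_OWNER"], _
        [1048576, "SYNCHRONIZE"]]

; ACE inheritance flags, values exactly as listed in the post.
Global $g_aAceFlags[5][2] = [ _
        [1, "OBJECT_INHERIT_ACE"], _
        [2, "CONTAINER_INHERIT_ACE"], _
        [4, "NO_PROPAGATE_INHERIT_ACE"], _
        [8, "INHERIT_ONLY_ACE"], _
        [16, "INHERITED_ACE"]]

; Constructed sample values: a read/execute style mask, a mask with every listed bit, and flags 3.
ConsoleWrite(_DecodeBits(1179817, $g_aRights) & @CRLF)
ConsoleWrite(_DecodeBits(2032127, $g_aRights) & @CRLF)
ConsoleWrite(_DecodeBits(3, $g_aAceFlags) & @CRLF)
```

Inside the DACL loop from the post, the same call would be `$sFolderRights = _DecodeBits($objDacl.AccessMask, $g_aRights) & @CRLF`, with `$objDacl.AceFlags` decoded against `$g_aAceFlags` in the same way.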