Are there any command line commands I can run to list ACL (access control lists) for all directories in a share on a windows 2003 server? I have server \\localhost\ and I no there is a share called data, so \\localhost\data\ I then no there are top level 10 directories within data (i.e. temp, backup, database etc etc), but I want to hit a command that churns out the NTFS ACL's for each of these directories. I can ask a domain admin to run the report if needs be..... MBSA gives me Share and Directory ACL, but I am unsure of which directory it refers too, and each top level directory in the share may not have the same ACL's... so not sure what MBSA is reporting there...

Are there any command line commands I can run to list ACL (access control lists) for all directories in a share on a windows 2003 server? http://technet.microsoft.com/en-us/sysinternals/bb545046.aspx Goto that link and Download the SysInternals "ShareEnum" which enumerates all shares and their permissions. This includes all folders within the share. It uses the CACLS.exe (your command line tool) and parses the data in a spreadsheet style format. Other then that, will have to go down each tier of your folder shares and run CACLS.exe across each item. It works better than running CACLS by itself... Saves HOURS of work. CACLS *.* - Query all files/folders at ONE folder level - Does not go further into other folders, only within the folder you are at. CACLS FOLDERNAME - Query the permissions on a folder CACLS FILENAME - Query the permissions on a folder The Command to view the same permissions Best Regards, Steve Kline - MCITP This posting is "as is" without warranties and confers no rights.

As far as I know, there is no built in functionality which covers your request. You could write a script to gather this info, but I would recommend taking a look at the sysinternals tool accesenum.exe. it runs reporting on any path (being local or on the network) and returns an extensive list of all privileges assigned on this folder and it's subfolders. You can find more info on http://technet.microsoft.com/en-us/sysinternals/bb897332.aspx. The latest version an be found on http://technet.microsoft.com/en-us/sysinternals/bb842062.aspx. I would also recommend taking a look in the rest of the sysinternals suite, as it contains some of the most powerfull tools on the planet to manage, administer and troubleshoot Windows environments!!! MCSA/MCTS/MCP

http://technet.microsoft.com/en-us/sysinternals/bb897332.aspx does accessenum do what you want?

Looks good, so for entire directory and file listings listing ACL access for a given share I'd just enter \\localhost\share$ And that would list ACL's for \\localhost\share$\directory1 \\localhost\share$directory2

yes and for all of the subfolders... It comes with a nifty feature that shows only ACL entires that are different from the parent folder. So if you need full listings for subfolders, be sure to turn this feature off!MCSA/MCTS/MCP

Looks good, so for entire directory and file listings listing ACL access for a given share I'd just enter \\localhost\share$ And that would list ACL's for \\localhost\share$\directory1 \\localhost\share$directory2 That is the benefit of using ShareEnum, because it only enumerates the ACls for the shares on the system with less need to refine your search to the actual folder that you shared. It will provide the access to the shares and the folders within them.Steve Kline - MCITP This posting is "as is" without warranties and confers no rights.

As far as I know, there is no built in functionality which covers your request. You could write a script to gather this info, but I would recommend taking a look at the sysinternals tool accesenum.exe. it runs reporting on any path (being local or on the network) and returns an extensive list of all privileges assigned on this folder and it's subfolders. CACLS.EXE will perform this function and is built-in to the operating system itself. One of the benefits of cacls is if you plan on deploying customized file and folder permissions, it can be executed at each system via batch file without the need to customize each system.Steve Kline - MCITP This posting is "as is" without warranties and confers no rights.