Executive summary: I want to find all the directories and files a particular user or group has access to.
In more detail: I'm looking for a command-line tool to recursively search an NTFS directory for all files and directories where an ACE in the DACL contains a given user or group. If I wanted to modify permissions, I would use subinacl or SetACL. I thought I would be able to use one of these tools to search and display, too, but I'm having trouble finding a straight-forward solution.
I could use SetACL like so:
setacl -on C:\SOME_DIR -ot file -actn list -lst "f:tab;w:d;i:y;" -rec cont
and then grep for the user of interest, but I'd like a more elegant solution. I'm probably missing something here. Any ideas?
Best Answer
Thanks, "unknown". Your PowerShell script doesn't work for me, but I hacked together something that does. I'm new to it, too, but after some trial and error:
Somebody with PowerShell kungfu could probably clean this up a bit. Note that I have it ignore inherited entries, because I'm only interested in knowing where the access begins.