Checking folder permissions

system · June 5, 2009, 12:48am

(imported topic written by scherry91)

I’m trying to write a relevance to check if the local Users group on a workstation has Modify access to a folder and am a little confused. If I use:

effective write permission for “Users” of dacls of security descriptors of folder “C:\ADS”

it returns true, even though Users has Read & Execute permissions, not Write or Modify. If I use:

effective generic write permission for “Users” of dacls of security descriptors of folder “C:\ADS”

it returns False, which would seem to be correct but when I change the permissions to expicitly grant write access to the folder, it still returns False. What is the difference between these two inspectors? Or should I be using a different inspector altogether?

Thanks.

BenKus · June 5, 2009, 2:56pm

(imported comment written by BenKus)

Hmmm… can you look at the “Effective permisssions” tab in your folder properties and see what they say? It should be using the same Windows APIs as our inspector…

Also, note that you need to be careful with these inspectors because they might inadvertently cause an AD query and so you should check the load on your AD servers.

Ben