Execute permissions on file

(imported topic written by SystemAdmin)

I am trying to check if Everyone has execute permissions on a specific file. My Q is below. Not quite sure what I’m doing wrong but it evaluates true even if Everyone is denied all permissions to the file. Any guidance is appreciated.

q: (name of it, (account name of trustee of it, execute permissions of it) of entries whose (account name of trustee of it = “Everyone”) of dacls of security descriptors of it) of file “C:\Program Files\Windows NT\Accessories\mswrd8.wpc”

(imported comment written by SystemAdmin)

bump, anyone?

(imported comment written by SystemAdmin)

How about…

effective execute permission for “Everyone” of dacls of security descriptors of file “C:\Program Files\Windows NT\Accessories\mswrd8.wpc”


(imported comment written by SystemAdmin)

Much cleaner then what I was doing, I stole some other code I found on the forum and didn’t have much luck modifying it.

Thank you, works beautifully!

(imported comment written by BenKus)

Hey guys,


You need to be very careful with this relevance using “effective permissions”. What we have found is that the Microsoft APIs that control this permissions lookup will potentially make active directory calls to lookup account names. So if you have enough computers evaluating this relevance, it can cause extra Active Directory load.

Some people have not experienced any issues with this relevance (there seems to be some sort of Active Directory or account configurations that seem to make this problem be better or worse), but I recommend you use extreme caution:

  1. Consider not using this relevance at all.

  2. If you put this relevance in a property, change the evaluation time to something like 1 day.

  3. Talk to your AD administrators about this change and they can see if they see any extra load on their servers.

The last thing you/we want is to cause load in areas outside of BigFix and we have found that permissions calls have some potential side-effects so we are very paranoid about them.

Please take this under consideration.