Folder permission

(imported topic written by var91)

hi @all,

I have this relevance:

(account name of trustee of it & " - " & (if (generic all permission of it) then “Full Control” else “”) & (if (generic read permission of it) then “Read” else “”) & (if (generic write permission of it) then “Write” else “”) ) of entries whose (generic all permission of it OR generic read permission of it OR generic write permission of it) of dacl of security descriptor of folder (expand environment string of “C:\Program Files (x86)\ADAP”)

Result:

TrustedInstaller - Full Control

SYSTEM - Full Control

Administratoren - Full Control

Benutzer - Read

ERSTELLER-BESITZER - Full Control

Evaluation time: 9.246 ms

But in the attachment you can see that this is not correct for the User “Benutzer”.

There are any failures in my relevance??

Please help me.

Thanks Andi

(imported comment written by var91)

This is also not working correct:

Relevance

effective generic all permission for “Benutzer” of dacls of security descriptors of folder “C:\Program Files (x86)\ADAP”

Result:

False

Evaluation time: 86.307 ms

(imported comment written by SystemAdmin)

The "generic

xxxx

permission" inspectors don’t seem to work for very often either. Try this:

effective access mode for “Benutzer” of dacls of security descriptors of folder “C:\Program Files (x86)\ADAP”

That will put Benutzer’s effective permission on the folder in decimal format. I wrote relevance to convert this decimal format to GUI-ish output, but it’s really long. See attachment if you’d like to use it.

(imported comment written by MattBoyd)

If you click the “Advanced” button in the permissions dialog, is the “Full Control” entry for that user listed as inherited from a parent folder? If so, I don’t think it’s explicitly in the access control entries for that folder. At the moment, the only way I know of to get around that is to use the “effective” inspectors from the dacls:

effective generic all permission for of dacls of security descriptors of folder “xyz”