I have to obtain the permissions for folders listed in a file (c:\bigfix\folders.txt). The file could have multiple lines.
I was guiding in:
(account name of trustee of it & " - " & (if (generic all permission of it) then “Full Control” else “”) & (if (generic read permission of it) then “Read” else “”) & (if (generic write permission of it) then “Write” else “”) ) of entries whose (generic all permission of it OR generic read permission of it OR generic write permission of it) of dacl of security descriptor of windows folder
But it only works with one folder (in the example the windows folder).
I think i need to add some "for each line… of file “c:\bigfix\folders.txt” " command for meet my objetive.
Could you help me?
The way to get it to run against multiple folders in a file, rather than just the windows folder is to replace windows folder with folders (lines of file "C:\bigfix\folders.txt"). That uses relevance to create a folder object out of each line of the file that can be cast as one.
Once you do that, though, with your current relevance you aren’t going to be able to tell which security descriptor applies to which folder, so you probably want to consider putting it into a tuple that gives you the folder name and the security descriptor of it. The basic idea is:
q: (it, relevance to get security descriptors of it) of folders (lines of file "C:\bigfix\folders.txt")
So the real one looks like this on my machine:
q: (it, (account name of trustee of it & " - " & (if (generic all permission of it) then "Full Control" else "") & (if (generic read permission of it) then "Read" else "") & (if (generic write permission of it) then "Write" else "") ) of entries whose (generic all permission of it OR generic read permission of it OR generic write permission of it) of dacl of security descriptor of it) of folders (lines of file "C:\bigfix\folders.txt")
A: C:\Users\alinder, SYSTEM - Full ControlReadWrite
A: C:\Users\alinder, Administrators - Full ControlReadWrite
A: C:\Users\alinder, alinder - Full ControlReadWrite
A: C:\Windows, TrustedInstaller - Full ControlReadWrite
A: C:\Windows, SYSTEM - ReadWrite
A: C:\Windows, Administrators - ReadWrite
A: C:\Windows, Users - Read
A: C:\Windows, ALL APPLICATION PACKAGES - Read
A: C:\Windows, ALL RESTRICTED APPLICATION PACKAGES - Read
A: C:\Program Files, TrustedInstaller - Full ControlReadWrite
A: C:\Program Files, SYSTEM - ReadWrite
A: C:\Program Files, Administrators - ReadWrite
A: C:\Program Files, Users - Read
A: C:\Program Files, ALL APPLICATION PACKAGES - Read
A: C:\Program Files, ALL RESTRICTED APPLICATION PACKAGES - Read
T: 6.720 ms
I: plural ( folder, string )
This answer still looks a little unwieldy to me – there’s other stuff you could do around concatenating the results for each folder, but hopefully this gets you started.