(imported comment written by BenKus)
Hi Alagos,
This relevance can get you started (BES 6.0+ only):
q: (effective read permission for “Administrator” of it, effective write permissions for “Administrator” of it) of dacl of security descriptor of folder "C:"
A: True, True
And for multiple folders:
q: (pathname of it, effective read permission for “Administrator” of dacls of security descriptors of it, effective write permissions for “Administrator” of dacls of security descriptors of it) of folders (unique values of pathnames of parent folders of descendants of folder “C:\doctemp”)
A: C:\doctemp\cg140, True, True
A: C:\doctemp\cg140\cab, True, True
A: C:\doctemp\cg193, True, True
A: C:\doctemp\cg193\cab, True, True
A: C:\doctemp\kf920, True, True
A: C:\doctemp\nd244, True, True
A: C:\doctemp\nd244\cab, True, True
A: C:\doctemp\rf974, True, True
A: C:\doctemp\up839, True, True
A: C:\doctemp\w9082, True, True
Note that you need to supply a username or group name to see if the permissions.
BIG FAT WARNING:
This expression can be VERY slow (many seconds or possible minutes) depending on how many folders you are iterating over and how many files are there. Also, if you are looking for permissions about an Active Directory user or group, it will be slower.
If you are iterating over rather small parts of the file system (like a dozen or so folders), then it might only be a second or two, but if you iterate over many folders, it will be significantly slower. In the slow cases, this is not something that works well in a property… In the slow cases, you likely want to periodically run an action to write the results to a file and your property can return information to a file (here is an example of how this works: http://forum.bigfix.com/viewtopic.php?pid=1348)
Ben