Ceos3c

Linux, Open Source and Cyber Security Tutorials

Ceos3c
Sysadmin 

List folder permissions on Windows: The easy way

Stefan 0 Comments , min read

Welcome back, fellow Sysadmins. Today I want to show you a quick way on how to list folder permissions in a Windows environment. I recently needed to list folder permissions and was searching for an easy way to list all permissions a certain user has. There is a tool called SubInAcl that get’s the job done for us. I will quickly guide you through all of the steps.

 

Step 1 – Download and install SubInAcl

Simply download & install the SubInAcl MSI file. Make sure to remember the location where you install it, by default, it is C:\Program Files (x86)\Windows Resource Kits\Tools

 

Step 2 – Opening a cmd with admin privileges

Now we need to open an elevated command line window. Simply hit the Windows key and type cmd. Right-click it and select run as administrator.

list folder permissions
Running cmd

 

Next, we need to change into the SubInACL directory by typing:

cd "C:\Program Files (x86)\Windows Resource Kits\Tools"
list folder permissions
Navigating to the SubInAcl folder

Now we are able to run the script.

 

Step 3 – Running SubInACL to list folder permissions

The command you want to run now is:

subinacl /testmode /noverbose /outputlog=c:\permissions.txt /subdirectories=directoriesonly X:\*.* /findsid=DOMAIN\username

 

Where X:\*.* indicates the drive you want to search permissions on and /findsid=DOMAIN\username represents your domain and the user you want to list permissions for.

You have to have the drive connected to your computer to perform the search. Alternatively, instead of X:\*.* you might be able to use \\IPorFQDNofYourShare\Foldername\*.*

Now, depending on how many permissions the user has, this can take a long time to complete. After the script is finished, you can find your permissions.txt in your C:\ drive root directory. The output will look something like this:

+File X:\Foldername\Subfolder1\Subfolder2
/control=0x0
/pace =NameOfYourDomain.com\username  Type=0x0 Flags=0x13 AccessMask=0x1201ff

 

To clean that up a bit you could use Microsoft Excel or something like this and use a filter, to only display lines start with +File. I found this to be a good way if I have to quickly look up user permissions. It works well and is relatively fast.

This concludes this tutorial.

Tell us what you think!

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: