Ceos3c

pfSense, Linux, SysAdmin and InfoSec Tutorials

Ceos3c
Sysadmin 

List folder permissions on Windows: The easy way

ceos3c 0 Comments , ,

Welcome back, fellow Sysadmins. Today I want to show you a quick way on how to list folder permissions in a Windows environment. I recently needed to list folder permissions and was searching for an easy way to list all permissions a certain user has. There is a tool called SubInAcl that get’s the job done for us. I will quickly guide you through all of the steps.

 

Step 1 – Download and install SubInAcl

Simply download & install the SubInAcl MSI file. Make sure to remember the location where you install it, by default, it is C:\Program Files (x86)\Windows Resource Kits\Tools

 

Step 2 – Opening a cmd with admin privileges

Now we need to open an elevated command line window. Simply hit the Windows key and type cmd. Right-click it and select run as administrator.

list folder permissions
Running cmd

 

Next, we need to change into the SubInACL directory by typing:

cd "C:\Program Files (x86)\Windows Resource Kits\Tools"
list folder permissions
Navigating to the SubInAcl folder

Now we are able to run the script.

 

Step 3 – Running SubInACL to list folder permissions

The command you want to run now is:

subinacl /testmode /noverbose /outputlog=c:\permissions.txt /subdirectories=directoriesonly X:\*.* /findsid=DOMAIN\username

 

Where X:\*.* indicates the drive you want to search permissions on and /findsid=DOMAIN\username represents your domain and the user you want to list permissions for.

You have to have the drive connected to your computer to perform the search. Alternatively, instead of X:\*.* you might be able to use \\IPorFQDNofYourShare\Foldername\*.*

Now, depending on how many permissions the user has, this can take a long time to complete. After the script is finished, you can find your permissions.txt in your C:\ drive root directory. The output will look something like this:

+File X:\Foldername\Subfolder1\Subfolder2
/control=0x0
/pace =NameOfYourDomain.com\username  Type=0x0 Flags=0x13 AccessMask=0x1201ff

 

To clean that up a bit you could use Microsoft Excel or something like this and use a filter, to only display lines start with +File. I found this to be a good way if I have to quickly look up user permissions. It works well and is relatively fast.

This concludes this tutorial.

Leave a Reply

Tell us what you think!

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  Subscribe  
Notify of
%d bloggers like this: