I need a tool to compare acls on a windows pc
I want to make a snapshot before the modification of security and a snapshot after these modifications.
I need to investigate which modifications have been made ( security-aclwise), to a pc by an installation package.
I need to investigate which modifications have been made ( security-aclwise), to a pc by an installation package.
0 Comments
[ + ] Show comments
Answers (1)
Please log in to answer
Posted by:
MSIPackager
14 years ago
You can use pracl.exe to dump existing acls to a text file - you could do this to both configurations then use your favourite comparison tool to see the differences in the two text files.
There's a catch though - pracl.exe is not free (unless your firm already has it) - in fact I undestand it's quite expensive...
I don't know of any alternatives but some bright spark on here might...
Cheers,
Rob.
EDIT: Have a look at this: http://www.codeproject.com/KB/vbscript/VBScript_ACL_Crawl.aspx
There's a catch though - pracl.exe is not free (unless your firm already has it) - in fact I undestand it's quite expensive...
I don't know of any alternatives but some bright spark on here might...
Cheers,
Rob.
EDIT: Have a look at this: http://www.codeproject.com/KB/vbscript/VBScript_ACL_Crawl.aspx
' ListACL.vbs
' ACL Modifications by CyberneticWraith, 2005
' Changed it to display ACL information for folders
' Uses "cacls.exe"
' Run with cscript!
'
'
' IndexScripts()
'
'
' Written by Keep Bertha Surfin Heavy Industries,
' a division of Keep Bertha Surfin Electrical Concern
' Version 1.0 - KeepBerthaSurfin@Hotmail.com
'
' First thing, check the argument list for a directory.
' If they didn't specify one, use the current directory.
option explicit
' Run the function :)
call IndexScripts
sub IndexScripts()
dim fso
set fso = createobject("scripting.filesystemobject")
dim loc
if WScript.Arguments.Count = 0 then
loc = fso.GetAbsolutePathName(".")
else
loc = WScript.Arguments(0)
end if
GetWorkingFolder loc, 0, 1, "|"
set fso = nothing
End Sub
' called recursively to get a folder to work in
function GetWorkingFolder(foldspec, foldcount, _
firsttime, spacer)
Dim objShell,oExec
Set objShell = CreateObject("WScript.Shell")
dim fso
Set fso = CreateObject("Scripting.FileSystemObject")
dim fold
set fold = fso.GetFolder(foldspec)
dim foldcol
set foldcol = fold.SubFolders
'do the first folder stuff
if firsttime = 1 then
wscript.echo fold.path
foldcount = foldcol.count
firsttime = 0
end if
dim remaincount
remaincount = foldcol.count
'do the subfolder stuff
dim sf
for each sf in foldcol
'execute cacls to display ACL information
Set oExec = _
objShell.Exec("cacls " & chr(34) & sf.path & chr(34))
Do While Not oExec.StdOut.AtEndOfStream
str = oExec.StdOut.ReadAll
Dim str
Wscript.StdOut.WriteLine str
Loop
set oExec = nothing
remaincount = GetWorkingFolder (foldspec +"\"+sf.name, _
remaincount, firsttime, spacer)
next
'clean up
set fso = nothing
GetWorkingFolder = foldcount - 1
end function
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.
