Using only standard commands, I have scripted SharedFolderPerms.bat to report the NTFS folder permissions
on a computer's shared folders.
The syntax for using SharedFolderPerms.bat is:
SharedFolderPerms [/$] [/S]
Where /$ is an optional parameter that will enumerate hidden shares, and
/S is an optional parameter that will report sub-folder permissions.
The report is generated in a SharedFolderPerms.log file which is created in the current folder.
NOTE: See When I query the ACL of an object with CACLS, what does the (OI), (IO), (CI), and (NP) mean?
SharedFolderPerms.bat contains:
@echo off
setlocal
if exist SharedFolderPerms.log del /q SharedFolderPerms.log
set exclude=Y
set subs=N
if /i {%1} EQU {/$} set exclude=N
if /i {%1} EQU {/S} set subs=Y
if /i {%2} EQU {/$} set exclude=N
if /i {%2} EQU {/S} set subs=Y
for /f "Tokens=1*" %%a in ('net share ^|FINDSTR /I /L /C:":"') do (
call :parse1 %%a "%%b"
)
endlocal
goto :EOF
:parse1
set shr=%1
set fld=%2
if "%fld:~2,2%" NEQ ":\" goto :EOF
if "%exclude%" EQU "N" goto parse2
set wrk=%shr:$=%
if "%wrk%" NEQ "%shr%" goto :EOF
:parse2
set wrk=%fld: =%
if %wrk% EQU %fld% goto parse4
set /a pos=0
:parse3
set /a pos=%pos% + 1
call set char=%%fld:~%pos%^,2%%
if "%char%" NEQ " " goto parse3
call set fld=%%fld:~0,%pos%%%"
set fld=%fld:\"="%
:parse4
set fld=%fld:\"="%
set /a pos=%pos% - 1
if %pos% EQU 3 call set fld=%fld:~1,2%@echo Share=%shr%,Folder=%fld%>>SharedFolderPerms.log
cacls %fld% >>SharedFolderPerms.log
if "%subs%" EQU "N" goto parse5
for /f "Tokens=*" %%f in ('dir %fld% /b /s /ad') do (
cacls "%%f" >>SharedFolderPerms.log
)
:parse5
@echo ______________________________________>>SharedFolderPerms.log