VBS WSH Script

Authors: Mirko Iodice, Luca Alberti

Tested on: Windows 2000 Server, Windows 2003 Server, Windows XP Professional, Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Mozilla Firefox 3.X

Download ^[2]

What is NTFS Stuff?

It is hard for a Microsoft System Administrator to keep trace of all changes made to the "logical" structure of a fileserver, so many times we felt the need for a quick and easy tool that could help us to locate those "significant" folders that, in some way, affect the normal application of NTFS permissions based on the "inheritance" principle.
NTFS Stuff is an useful WSH script, written to be used on a fileserver, that generates an HTML report which displays the NTFS access permissions structure. Two different "verbosity" levels make possible to display only the details of "significant" folders or those of the entire folders tree. In addition to the DACL of each single folder the resultant report shows other information, such as: creation date, last modified date, owner, NTFS inheritance.
We have paid particular attention to the graphical representation of information, colours and symbols make easier to note changes in the normal application of NTFS permissions, precisely based, as we said before, on the “inheritance” principle.

The following screenshot highlights the main features of this script

• The details of each folder are hidden by default, it is possible to display them by clicking on their names; these details include: full path, creation date, last modified date, owner, DACL (both Allow and Deny options).
• "Expand All" and "Collapse All" links allow to display or hide all the details with a single mouse click.
• Inheritance state is highlighted by colourful symbols.
  A green "=" means that permissions are inherited and not modified; folders identified by this symbol are not significant.
  More important are instead "x" and "+" symbols, respectively red and blue. A red "x" means infact that inheritance is turned off, while a blue "+" means that there are some differences between the permissions of the folder and those of its parents (inheritance is turned on anyway).
• To make the output more readable, the details section of folders identified by "x" and "+" symbols displays also the parent folder's permissions.
• There is the chance to set two different execution methods: with "verbosity = 0" (default) only the folders identified by symbols "x" and "+" are displayed; with "verbosity = 1" the complete folders structure is displayed, graphically represented with the use of indentation.
• To offer more control is possible to specify the number of sub-levels (recursion) that have to be analyzed starting from the root folder; this feature can also reduce the execution time.

Recommendations

NTFS Stuff, only when started on Windows 2000, prompts the user for a task priority level (1 by default). This setting is used to limit the cpu usage during the execution. It is recommended to not set the 0 level when using this script on production servers or old computers, this is because the WSH Engine normally uses the most of the machine resources and this setting could cause a system freeze. Windows XP/2003 or higher are not affected by this problem, on these systems the script is able to automatically change his task priority level to "low", in this way the resource allocation is left to the operating system.

We noticed that is impossibile to correctly view the output file on Windows Server 2003 systems with the "Internet Explorer Enhanced Security" feature turned on. To fix this problem is necessary to add about:internet in the IE Trusted Sites Zone.

DACL Legend

NTFS Stuff uses functions took from XCACLS.VBS (Windows Support Tools) to display the NTFS permissions in a more readable format.
To understand special permissions refer to the following legenda.

General:
F = Full control
M = Modify
X = read & eXecute
R = Read
W = Write

Advanced:
E = Synchronize
D = Take Ownership
C = Change Permissions
B = Read Permissions
A = Delete
9 = Write Attributes
8 = Read Attributes
7 = Delete Subfolders and Files
6 = Traverse Folder / Execute File
5 = Write Extended Attributes
4 = Read Extended Attributes
3 = Create Folders / Append Data
2 = Create Files / Write Data
1 = List Folder / Read Data

Known Issues

Folders created by macintosh systems, especially those named with the use of special characters, can cause an unexpected error.

Download

Changelog

• ntfs Stuff v1.0 - initial release
• ntfs Stuff v1.1 - fixed a CSS bug on Internet Explorer 8 and Firefox 3.5, new function added for better performance on Windows XP/2003 or higher
• ntfs Stuff v1.2 - folders that return an "Access Denied" error no longer cause the script to freeze/quit, added the ability to scan a whole drive starting at the root without the need to input a folder, Windows 2008 UAC bugfix (thanks to Helios Ciancio for feedback and source code), fixed a "Set Root Folder" input box bug, fixed some minor HTML bugs.

References

• http://www.microsoft.com/te....c=it ^[4]
• http://msdn2.microsoft.com/en....85).aspx ^[5]
• http://msdn2.microsoft.com/en....85).aspx ^[6]
• http://msdn2.microsoft.com/en....85).aspx ^[7]
• http://www.microsoft.com/te....007.mspx ^[8]
• http://kbalertz.com/88386....ervice.aspx ^[9]

Author

Mirko Iodice
mirko -at- notageek (.dot) it

Suggeriti dall'autore

• Mettere ordine alle autorizzazioni di un File Server utilizzando NTFS Stuff v1
• WSH - Windows Scripting Host