Here in this chapter we are going to learn File permission
One of the biggest pains when performing an entire file server migration or simply moving a few file shares around is permissions. File permissions have always been a black box to most IT admins. What seems like an easy task when setting basic permissions can soon turn into a nightmare when attempting to transfer them to another location. Visions of Security Descriptor Definition Language (SDDL) strings, propagation and inheritance values soon turn an admin's day into a nightmare. Let's try to prevent that as much as possible by building a small script that will at least make your day dealing with file system permissions a little bit better.
When setting an ACL for a file or folder, you're most likely familiar with the typical Security tab on every file and folder in Windows.
Icacls is a native utility to all computers since Windows XP so chances are, you've already got it on your machine. In this case, it's just a matter of knowing which parameters to pass to it. To see all of the parameters available, use the /? parameter. This will display all of the numerous possibilities.
To perform the task, we're here for today only requires a few of these possibilities. To view all permissions on a single folder or file, you would just specify the element.
Once we've confirmed that icacls can view the permissions we can now force it to save them to a file. That can be done with the /save parameter and specifying a file path argument.
icacls C:\Folder /save “C:\permissions.txt" /t
Above, I'm telling icacls to save all of the permissions for the C:Folder folder along with all files and folders inside to a file called C:permissions.txt. If you then look inside of the text file, you'll see what I mean about SDDL.
One final parameter I use is the /c parameter. This parameter allows icacls to continue if it receives an error. This sometimes happens when it can't access a file or folder. This makes the final command line:
icacls C:\Folder /save “C:\permissions.txt" /t /c
Using this command allows you to save all file and folder permissions for everything inside of C:Folder. This is a simple method to dump all permissions quickly.