3

I want to make a list of access denied files/folders for a given account. I'm aware "icacls" handles making lists of files/folders given an account name.

e.g. This command lists access denied per folder on screen:

icacls c:\*. /findsid "User" /T /C /L /Q > c:\results.txt

...but it doesn't list the access denied folders in the results file.

How can I do this?

DavidPostill
  • 156,873
whatever1234566
  • 159

1 Answers1

2

Nevermind, I figured it out. The issue was that there's two ways to output:

  1. Through "STDOUT"

  2. Through "STDERR"

https://support.microsoft.com/en-us/kb/110930#/en-us/kb/110930

So, I can just execute something like so:

icacls c:*. /findsid "User" /T /C /L /Q 2> c:\resultsFolders.txt

icacls c:*.* /findsid "User" /T /C /L /Q 2> c:\resultsFiles.txt

whatever1234566
  • 159
  • Wouldn't that be icacls c:*.* /findsid "User" /T /C /L /Q > c:\updatedFiles.txt 2> c:\accessDeniedFiles.txt..? Another thought is that using c:*. and c:*.* is not 100% accurate. You will get better (ie: more accurate) results if you use a for (dir /AD) statement.. – kodybrown Dec 19 '15 at 15:20
  • How's using wildcards any different? – whatever1234566 Dec 20 '15 at 01:54
  • Just that *. can pick up files and folders without an extension, just like *.* can pick up both files and folders with an extension. – kodybrown Dec 20 '15 at 03:33
  • 1
    Using dir /ad will only list directories and dir /a-d will only list files. Using them in a 'for' loop would look like this: for /f %G in ('"dir /ad /b"') do @echo %G.. (When using the for loop inside a batch file, be sure to use %%G instead of %G.) – kodybrown Dec 20 '15 at 03:48