Welcome back, fellow Sysadmins. Today I want to show you a quick way how to list folder permissions in a Windows environment.
I recently needed to list folder permissions and was searching for an easy way to list all permissions a certain user has. There is a tool called SubInAcl that gets the job done for us. I will quickly guide you through all of the steps.
Table of Contents
- Step 1 – Download and install SubInAcl
- Step 2 – Opening a cmd with admin privileges
- Step 3 – Running SubInACL to list folder permissions
Step 1 – Download and install SubInAcl
Simply download & install the SubInAcl MSI file. Make sure to remember the location where you install it, by default, it is C:\Program Files (x86)\Windows Resource Kits\Tools
Step 2 – Opening a cmd with admin privileges
Now we need to open an elevated command line window. Simply hit the Windows key and type cmd. Right-click it and select run as administrator.
Next, we need to change into the SubInACL directory by typing:
cd "C:\Program Files (x86)\Windows Resource Kits\Tools"
Code language: JavaScript (javascript)
Now we are able to run the script.
Step 3 – Running SubInACL to list folder permissions
The command you want to run now is:
subinacl /testmode /noverbose /outputlog=c:\permissions.txt /subdirectories=directoriesonly X:\*.* /findsid=DOMAIN\username
Where X:\*.* indicates the drive you want to search permissions on, and /findsid=DOMAIN\username represents your domain and the user you want to list permissions for.
You have to have the drive connected to your computer to perform the search. Alternatively, instead of X:\*.* you might be able to use \\IPorFQDNofYourShare\Foldername\*.*
Now, depending on how many permissions the user has, this can take a long time to complete. After the script is finished, you can find your permissions.txt in your C:\ drive root directory. The output will look something like this:
+File X:\Foldername\Subfolder1\Subfolder2
/control=0x0
/pace =NameOfYourDomain.com\username Type=0x0 Flags=0x13 AccessMask=0x1201ff
To clean that up a bit, you could use Microsoft Excel or something like this and use a filter only to display lines starting with +File. I found this to be a good way if I have to look up user permissions quickly. It works well and is relatively fast.
This concludes this tutorial.
Hello Stefan, thanks a bunch for this, could you help me how we can modify the script just show up the main folders, my file shared system has this structure:
D:\
D:\NAS
D:\NAS\Folder1
D:\NAS\Folder2
…
D:\Users
D:\Users\John
D:\Users\Sarah
…
So, I would like the user permission only for this folders (D:\NAS\Folder1…, D:\Users\John…)
and avoid the subfolders (D:\NAS\Folder1\Subfolder1, D:\NAS\Folder1\Subfolder2,… etc)
Just the folders in root path
How we can modify the script to make it this?
thanks again 🙂