Option Explicit
Dim str_CarpetaOrigen
Dim obj_ServicioWMI
Dim obj_EntradasDeSeguridadDeCarpeta
Dim obj_DescriptorDeSeguridad
Dim int_Devolucion
Dim int_FlagsDeControl
Dim arr_ACEs
Dim obj_ACE
Dim obj_FileSystemObject
Const SE_DACL_PRESENT = &h4
Const ACCESS_ALLOWED_ACE_TYPE = &h0
Const ACCESS_DENIED_ACE_TYPE = &h1
Const FILE_ALL_ACCESS = &h1f01ff
Const FOLDER_ADD_SUBDIRECTORY = &h000004
Const FILE_DELETE = &h010000
Const FILE_DELETE_CHILD = &h000040
Const FOLDER_TRAVERSE = &h000020
Const FILE_READ_ATTRIBUTES = &h000080
Const FILE_READ_CONTROL = &h020000
Const FOLDER_LIST_DIRECTORY = &h000001
Const FILE_READ_EA = &h000008
Const FILE_SYNCHRONIZE = &h100000
Const FILE_WRITE_ATTRIBUTES = &h000100
Const FILE_WRITE_DAC = &h040000
Const FOLDER_ADD_FILE = &h000002
Const FILE_WRITE_EA = &h000010
Const FILE_WRITE_OWNER = &h080000
Const WBEM_RETURN_IMMEDIATELY = &h10
Const WBEM_FORWARD_ONLY = &h20
'la carpea que pasamos como parametro, sino la actual
If Wscript.Arguments.Count = 0 Then
str_CarpetaOrigen = "."
Else
str_CarpetaOrigen = Wscript.Arguments(0)
End If
'Creamos el objeto FileSystem
Set obj_FileSystemObject = CreateObject("Scripting.FileSystemObject")
'Llamamos a la rutina que obtiene las ACLs
Call s_Muestra_ACLs(obj_FileSystemObject.GetFolder(str_CarpetaOrigen))
Sub s_Muestra_ACLs(obj_Carpeta)
Dim obj_SubCarpeta 'Objeto que albergará cada carpeta contenida en la
'carpeta obj_Carpeta
'ruta de la carpeta en la que estamos
WScript.StdOut.Write vbCrLf & obj_Carpeta.Path
'Creamos un objeto del servicio WMI
Set obj_ServicioWMI = GetObject("winmgmts:")
'Creamos un objeto con las entradas de seguridad de la carpeta
Set obj_EntradasDeSeguridadDeCarpeta = _
obj_ServicioWMI.Get _
( _
"Win32_LogicalFileSecuritySetting='" & _
obj_Carpeta.Path & "'" _
)
'Creamos un objeto descriptor de seguridad
int_Devolucion = _
obj_EntradasDeSeguridadDeCarpeta.GetSecurityDescriptor _
(obj_DescriptorDeSeguridad)
'Almacenamos los flags de control del descriptor de seguridad
int_FlagsDeControl = obj_DescriptorDeSeguridad.ControlFlags
'revisamos los flags
If (int_FlagsDeControl AND SE_DACL_PRESENT) _
= SE_DACL_PRESENT Then
arr_ACEs = obj_DescriptorDeSeguridad.DACL
For Each obj_ACE in arr_ACEs
WScript.StdOut.Write "\" & obj_ACE.Trustee.Domain & "\" & obj_ACE.Trustee.Name & " "
If (obj_ACE.AceType = ACCESS_ALLOWED_ACE_TYPE) _
= ACCESS_ALLOWED_ACE_TYPE Then
WScript.StdOut.Write "P: "
ElseIf (obj_ACE.AceType = ACCESS_DENIED_ACE_TYPE) _
= ACCESS_DENIED_ACE_TYPE Then
WScript.StdOut.Write "D: "
End If
If (obj_ACE.AccessMask AND FILE_ALL_ACCESS) _
= FILE_ALL_ACCESS Then
WScript.StdOut.Write "FAA "
End If
If (obj_ACE.AccessMask AND FOLDER_ADD_SUBDIRECTORY) _
= FOLDER_ADD_SUBDIRECTORY Then
WScript.StdOut.Write "FAS "
End If
If (obj_ACE.AccessMask AND FILE_DELETE) _
= FILE_DELETE Then
WScript.StdOut.Write "FD "
End If
If (obj_ACE.AccessMask AND FILE_DELETE_CHILD) _
= FILE_DELETE_CHILD Then
WScript.StdOut.Write "FDC "
End If
If (obj_ACE.AccessMask AND FOLDER_TRAVERSE) _
= FOLDER_TRAVERSE Then
WScript.StdOut.Write "FT "
End If
If (obj_ACE.AccessMask AND FILE_READ_ATTRIBUTES) _
= FILE_READ_ATTRIBUTES Then
WScript.StdOut.Write "FRA "
End If
If (obj_ACE.AccessMask AND FILE_READ_CONTROL) _
= FILE_READ_CONTROL Then
WScript.StdOut.Write "FRC "
End If
If (obj_ACE.AccessMask AND FOLDER_LIST_DIRECTORY) _
= FOLDER_LIST_DIRECTORY Then
WScript.StdOut.Write "FLD "
End If
If (obj_ACE.AccessMask AND FILE_READ_EA) _
= FILE_READ_EA Then
WScript.StdOut.Write "FREA "
End If
If (obj_ACE.AccessMask AND FILE_SYNCHRONIZE) _
= FILE_SYNCHRONIZE Then
WScript.StdOut.Write "FS "
End If
If (obj_ACE.AccessMask AND FILE_WRITE_ATTRIBUTES) _
= FILE_WRITE_ATTRIBUTES Then
WScript.StdOut.Write "FWA "
End If
If (obj_ACE.AccessMask AND FILE_WRITE_DAC) _
= FILE_WRITE_DAC Then
WScript.StdOut.Write "FWD "
End If
If (obj_ACE.AccessMask AND FOLDER_ADD_FILE) _
= FOLDER_ADD_FILE Then
WScript.StdOut.Write "FAF "
End If
If (obj_ACE.AccessMask AND FILE_WRITE_EA) _
= FILE_WRITE_EA Then
WScript.StdOut.Write "FWEA "
End If
If (obj_ACE.AccessMask AND FILE_WRITE_OWNER) _
= FILE_WRITE_OWNER Then
WScript.StdOut.Write "FWO "
End If
Next
Else
WScript.StdOut.Write "NACL"
End If
'Realizamos una llamada recursiva en cada una de las carpetas contenidas en la carpeta recibida como parámetro.
For Each obj_SubCarpeta In obj_Carpeta.SubFolders
Call s_Muestra_ACLs(obj_Subcarpeta)
Next
End Sub