Category: NT Admin
Author/Contact Info OzzyOsbourne

Uses File::Find and Win32::FileSecurity to dump file permissions to a text file on shares that you specify.

Usage {share} {outputlog}


If the account does not have a permission, the script double tabs, for easy visual inspection.

By importing the resultant tab-delimited log into a spreadsheet program, you can sort by account(colC), then share(colB), then server(colA), to very simply compare directory rights across your file and prints.

Thanks to Tyke.

use strict;
use Win32::FileSecurity qw(Get EnumerateRights);
use File::Find;

my $share=$ARGV[0];
my $out=$ARGV[1];
my ($name,$mask,@rights,%hash,$server,%rights2,@folders,$subfolder,$se
@servers=map ("//$_/$share",@servers);

open (OUT, ">$out") or die "can't open log file!";    

foreach $server( @servers ) {
print "$server\n";
    find(\&wanted, $server);
    foreach $subfolder (@folders){
    print "\t:$subfolder\n";
        next unless -e $subfolder ;
    if ( Get( $subfolder, \%hash ) ) {
        while( ($name, $mask) = each %hash ) {
        print OUT "$servsplit\t$subsplit\t$name\t"; 
        EnumerateRights( $mask, \@rights ) ;#creates @rights, a list o
+f rights for the account
        foreach $right (@rights){
                $rights2{$right} = 1;
        foreach $item (@rightsmatch){
        if (exists $rights2{$item}){
            print OUT "$item\t";
            print OUT "\'\t";
        print OUT "\n";
    else {
        print( "Error #", int( $! ), ": $!" ) ;

close OUT;

sub wanted {
    if (-d){
        push @folders, "$File::Find::dir/$_";