Finding all files in NTFS with specific user or group in ACL

Solution 1:

Thanks, "unknown". Your PowerShell script doesn't work for me, but I hacked together something that does. I'm new to it, too, but after some trial and error:

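Get-ChildItem "C:\SOME\DIR" -Recurse | 
    ForEach-Object { 
        $fname = $_.FullName
        # -LiteralPath so names containing [ or ] are not treated as wildcards
        $acl = Get-Acl -LiteralPath $fname
        foreach ($e in $acl.Access) {
            # Match only explicit (non-inherited) Allow entries for the group
            If ( -not $e.IsInherited -and
                 $e.AccessControlType -eq "Allow" -and 
                 $e.IdentityReference.Value -eq "SOMEDOMAIN\Somegroup") 
            {
                Write-Host $fname
                break   # one match is enough; move on to the next file
            }
        }
    }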

Somebody with PowerShell kungfu could probably clean this up a bit. Note that I have it ignore inherited entries, because I'm only interested in knowing where the access begins.
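An added example, not part of the original answers, that generalizes the loop above: it resolves the account to a SID once, reports Deny as well as Allow entries, includes the root folder itself, warns about items whose ACL cannot be read, and emits objects that can be exported. The function name `Find-ExplicitAce`, its parameters and the CSV file name are hypothetical; the path and group are the placeholders used above.

```powershell
# Added example (hypothetical function and parameter names).
function Find-ExplicitAce {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Root,
        [Parameter(Mandatory)] [string] $Identity,   # e.g. "SOMEDOMAIN\Somegroup"
        [switch] $IncludeInherited
    )

    # Resolve the name to a SID once; this throws if the account cannot be
    # mapped, which is better than silently matching nothing.
    $sid = ([System.Security.Principal.NTAccount]$Identity).Translate([System.Security.Principal.SecurityIdentifier])

    # Root folder first, then everything beneath it. Enumeration errors
    # (e.g. access denied on a subfolder) are left visible on purpose.
    $items = @(Get-Item -LiteralPath $Root -Force) +
             @(Get-ChildItem -LiteralPath $Root -Recurse -Force)

    foreach ($item in $items) {
        try {
            $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
        } catch {
            Write-Warning "Cannot read ACL: $($item.FullName): $($_.Exception.Message)"
            continue
        }

        # Explicit rules always; inherited rules only when asked for.
        # Requesting SecurityIdentifier makes every identity come back as a SID.
        $rules = $acl.GetAccessRules($true, [bool]$IncludeInherited, [System.Security.Principal.SecurityIdentifier])

        foreach ($ace in $rules) {
            if ($ace.IdentityReference.Value -eq $sid.Value) {
                [pscustomobject]@{
                    Path      = $item.FullName
                    Type      = $ace.AccessControlType    # Allow or Deny
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

Find-ExplicitAce -Root "C:\SOME\DIR" -Identity "SOMEDOMAIN\Somegroup" |
    Export-Csv -Path .\explicit-aces.csv -NoTypeInformation
```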

Solution 2:

Untested, and a little new to PowerShell, but something like this would write it to screen. From there you could dump it to a file or whatever.

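Get-ChildItem "RootFolderPath" -Recurse | 
    ForEach-Object { 
        $path = $_.FullName
        $acl = Get-Acl -LiteralPath $path
        # The ACL object has no ContainsKey method; test each entry's identity instead
        If ($acl.Access | Where-Object { $_.IdentityReference.Value -eq "User/Group" }) {
            Write-Host $path
        }
    }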