Trying to clean up permissions on this IIS6 w/ PHP CGI server, it seems that several files/folders have write permissions for Everyone. (You can probably guess what is happening, repeatedly.)
So, basically, I'm looking for the equivalent of find $directory -perm 777 -exec ls -ld {} \;
I can do that first part, listing files that mention Everyone with icacls, but can't seem to display the actual ACL:
icacls \directory /findSID *S-1-1-0 /t
Looking at the subinacl documentation and various Google results, it seems that I can use /subdirectories and /display to achieve this, but it returns immediately with no results and no errors:
C:\>subinacl /subdirectories \directory\*.* /findsid=Everyone /display
+subdirectories \directory\*.*
/findsid=Everyone
/display
Elapsed Time: 00 00:00:00
Done: 0, Modified 0, Failed 0, Syntax errors 0
Orbitron's suggestion is great, but if you want to use a purely PowerShell way without having to install pstools, have a look at the select-string cmdlet. You may have to pipe the object pipeline to a file first and then consume it with select-string, or you can wedge out-string into the pipeline.
Get-ChildItem -Recurse | Get-Acl | out-string -stream | select-string -pattern "everyone"
This worked for me with powershell and pstools:
Get-ChildItem C:\temp\ -Recurse | Get-Acl | grep "Everyone"
You may need to refine it more for your needs, but powershell is the way to go here.
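A refinement of the Get-Acl pipelines above, added as an example and not part of the original answers: it matches the Everyone SID (S-1-1-0, the same one passed to icacls /findSID) rather than the display name, keeps only Allow entries that carry write-type rights, and prints the matching entry for each path. The function name Find-EveryoneWritable and the scratch folder under %TEMP% are assumptions made for the demo.

```powershell
# Added example (not from the original thread). Find-EveryoneWritable is a
# hypothetical name; S-1-1-0 is the well-known SID for Everyone.
function Find-EveryoneWritable {
    param([string]$Path)

    # Rights that let a caller alter content, delete, or re-permission an item.
    $names = 'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ' +
             'ChangePermissions, TakeOwnership'
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]$names
    # Inherit-only ACEs may store raw GENERIC_WRITE / GENERIC_ALL bits instead.
    $mask = $writeMask -bor 0x40000000 -bor 0x10000000

    # Get-ChildItem skips the root itself, so check it explicitly as well.
    @(Get-Item $Path) + @(Get-ChildItem $Path -Recurse -Force) | ForEach-Object {
        $item = $_
        $acl = $item | Get-Acl -ErrorAction SilentlyContinue
        if (-not $acl) { return }   # unreadable ACL: skip this item

        # Ask for SIDs rather than names so the match is locale-independent.
        $sidType = [System.Security.Principal.SecurityIdentifier]
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($ace.IdentityReference.Value -eq 'S-1-1-0' -and
                $ace.AccessControlType -eq 'Allow' -and
                ([int]$ace.FileSystemRights -band $mask) -ne 0) {
                New-Object PSObject -Property @{
                    Path      = $item.FullName
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                } | Select-Object Path, Rights, Inherited
            }
        }
    }
}

# Constructed demo: scratch folder with one file that grants Everyone Modify.
$demo = Join-Path $env:TEMP 'acl-audit-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$file = Join-Path $demo 'sample.txt'
Set-Content -Path $file -Value 'constructed sample'
$sid  = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($sid, 'Modify', 'Allow')
$acl  = Get-Acl $file; $acl.AddAccessRule($rule); Set-Acl -Path $file -AclObject $acl
Find-EveryoneWritable $demo | Format-Table -AutoSize
Remove-Item $demo -Recurse -Force
```

The Inherited column shows whether the entry has to be removed on the item itself or on a parent folder it inherits from.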