I want to make a snapshot before the modification of security and a snapshot after these modifications.
I need to investigate which modifications have been made ( security-aclwise), to a pc by an installation package.
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Answers

0
You can use pracl.exe to dump existing acls to a text file - you could do this to both configurations then use your favourite comparison tool to see the differences in the two text files.

There's a catch though - pracl.exe is not free (unless your firm already has it) - in fact I undestand it's quite expensive...

I don't know of any alternatives but some bright spark on here might...

Cheers,
Rob.

EDIT: Have a look at this: http://www.codeproject.com/KB/vbscript/VBScript_ACL_Crawl.aspx


' ListACL.vbs

' ACL Modifications by CyberneticWraith, 2005

' Changed it to display ACL information for folders

' Uses "cacls.exe"

' Run with cscript!

'

'

' IndexScripts()

'

'

' Written by Keep Bertha Surfin Heavy Industries,

' a division of Keep Bertha Surfin Electrical Concern

' Version 1.0 - KeepBerthaSurfin@Hotmail.com

'


' First thing, check the argument list for a directory.

' If they didn't specify one, use the current directory.


option explicit

' Run the function :)

call IndexScripts


sub IndexScripts()

dim fso
set fso = createobject("scripting.filesystemobject")

dim loc
if WScript.Arguments.Count = 0 then
loc = fso.GetAbsolutePathName(".")
else
loc = WScript.Arguments(0)
end if

GetWorkingFolder loc, 0, 1, "|"

set fso = nothing

End Sub


' called recursively to get a folder to work in

function GetWorkingFolder(foldspec, foldcount, _
firsttime, spacer)

Dim objShell,oExec
Set objShell = CreateObject("WScript.Shell")

dim fso
Set fso = CreateObject("Scripting.FileSystemObject")

dim fold
set fold = fso.GetFolder(foldspec)

dim foldcol
set foldcol = fold.SubFolders

'do the first folder stuff

if firsttime = 1 then
wscript.echo fold.path

foldcount = foldcol.count
firsttime = 0
end if

dim remaincount
remaincount = foldcol.count

'do the subfolder stuff

dim sf
for each sf in foldcol

'execute cacls to display ACL information

Set oExec = _
objShell.Exec("cacls " & chr(34) & sf.path & chr(34))

Do While Not oExec.StdOut.AtEndOfStream
str = oExec.StdOut.ReadAll
Dim str
Wscript.StdOut.WriteLine str
Loop

set oExec = nothing

remaincount = GetWorkingFolder (foldspec +"\"+sf.name, _
remaincount, firsttime, spacer)

next

'clean up

set fso = nothing

GetWorkingFolder = foldcount - 1

end function
Answered 09/20/2010 by: MSIPackager
Third Degree Black Belt

Please log in to comment
Answer this question or Comment on this question for clarity