I want to make a snapshot before the modification of security and a snapshot after these modifications.
I need to investigate which modifications have been made ( security-aclwise), to a pc by an installation package.
0 Comments   [ - ] Hide Comments


Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.
Answer this question or Comment on this question for clarity


You can use pracl.exe to dump existing acls to a text file - you could do this to both configurations then use your favourite comparison tool to see the differences in the two text files.

There's a catch though - pracl.exe is not free (unless your firm already has it) - in fact I undestand it's quite expensive...

I don't know of any alternatives but some bright spark on here might...


EDIT: Have a look at this: http://www.codeproject.com/KB/vbscript/VBScript_ACL_Crawl.aspx

' ListACL.vbs

' ACL Modifications by CyberneticWraith, 2005

' Changed it to display ACL information for folders

' Uses "cacls.exe"

' Run with cscript!



' IndexScripts()



' Written by Keep Bertha Surfin Heavy Industries,

' a division of Keep Bertha Surfin Electrical Concern

' Version 1.0 - KeepBerthaSurfin@Hotmail.com


' First thing, check the argument list for a directory.

' If they didn't specify one, use the current directory.

option explicit

' Run the function :)

call IndexScripts

sub IndexScripts()

dim fso
set fso = createobject("scripting.filesystemobject")

dim loc
if WScript.Arguments.Count = 0 then
loc = fso.GetAbsolutePathName(".")
loc = WScript.Arguments(0)
end if

GetWorkingFolder loc, 0, 1, "|"

set fso = nothing

End Sub

' called recursively to get a folder to work in

function GetWorkingFolder(foldspec, foldcount, _
firsttime, spacer)

Dim objShell,oExec
Set objShell = CreateObject("WScript.Shell")

dim fso
Set fso = CreateObject("Scripting.FileSystemObject")

dim fold
set fold = fso.GetFolder(foldspec)

dim foldcol
set foldcol = fold.SubFolders

'do the first folder stuff

if firsttime = 1 then
wscript.echo fold.path

foldcount = foldcol.count
firsttime = 0
end if

dim remaincount
remaincount = foldcol.count

'do the subfolder stuff

dim sf
for each sf in foldcol

'execute cacls to display ACL information

Set oExec = _
objShell.Exec("cacls " & chr(34) & sf.path & chr(34))

Do While Not oExec.StdOut.AtEndOfStream
str = oExec.StdOut.ReadAll
Dim str
Wscript.StdOut.WriteLine str

set oExec = nothing

remaincount = GetWorkingFolder (foldspec +"\"+sf.name, _
remaincount, firsttime, spacer)


'clean up

set fso = nothing

GetWorkingFolder = foldcount - 1

end function
Answered 09/20/2010 by: MSIPackager
Third Degree Black Belt

Please log in to comment