Operating System - Microsoft
Showing results for 
Search instead for 
Did you mean: 

Accessing files that have restrictive ACLs

John Gourlay
Occasional Advisor

Accessing files that have restrictive ACLs

I'm currently working on an application that requires programmatically to discover all files on a windows file system (NT4.0, W2K, .NET). My application runs under an administrative account on the server but is unable to access folders that are restricted to a specific user account (may be a local or domain user)

Does anyone know of a way around this problem programmatically - some ideas we had were to try and add administrator programmatically to access list if access is denied, spoofing the user that owns the folder, some special setting in the administrator account....

Appreciate any pointers


John G
Richard J. Anthony
Frequent Advisor

Re: Accessing files that have restrictive ACLs

John, I have used REXX to do a similar job on several applications and operating systems. I have to go to work in 10 min and the wrong opsys is running just now to access my script files for any of those jobs. You should be able to do something similar with most scripts. Permissions are not a problem.

Basically, you I have REXX pass the directory-list command to the machine's underlying opsys and pipe the response onto the REXX queue. This is just a one line REXX statement. The next statement opens a file and reads the queue in a loop, writing it line-by-line into a file. Then I close the file, reopen it, and read it in a loop, and write to another file; when a directory entry (ie: folder) is found, I execute a copy of the previous loop. Iterate the nested loops, swapping files so you don't overwrite your work, until no more directory entries can be found. Written properly, the script 'explores' its way to the bottom of each directory 'tree' and returns to do the next, and the next, etc., until all directory-trees are exhausted.

REXX is available from many sources. IBM even includes it on its PC DOS 6 disks.
Dum vivimus vivamus
John Bolene
Honored Contributor

Re: Accessing files that have restrictive ACLs

I had to recover files form a dead cpu XP machine. I added the drive to a W2K machine and had to go into each folder and reset the security options so that it was accessable. It was quite a pain, some files and folders would inherit the permissions of the parent folder, but some would not.

There should be a programmatic way to do it, but Microsoft may not tell you so that hackers do not get the code.
It is always a good day when you are launching rockets! http://tripolioklahoma.org, Mostly Missiles http://mostlymissiles.com
Richard J. Anthony
Frequent Advisor

Re: Accessing files that have restrictive ACLs

John, sorry for the delay. Here's a small REXX script that will do the job. Considering its simplicity, however, I think you might do as well just entering DIR C:\*.* at a command prompt and piping it to LPT1. Or putting that into a .bat file and executing same from the command prompt. In any case, to run this code you must have a REXX interpreter on your machine. Lots of them are available for cheap and even trial versions for free. Here's the code.

Save it to a file on your machine, give it a .rex extension, change the oFilename to point at the file where you want the output, and change the third line to be the drive and option(s) you want. Run it by typing C:\REXX FQDN at the Command Prompt -- where FQDN is the fully qualified pathname where you saved the .rex file.

To run it for a multi-drive machine, say one with C, E, and F drives active, just copy the .rex file under additional names, change each copy to point at a particular drive, and make a .bat file that says the C:\REXX FQDN of each .rex file on a separate line; the execute the .bat file from the command prompt. The outputs will appear concatenated in the output file, presuming you used the same oFilename in each .rex copy.

If what you had in mind was something with a more tree-like output, we can do that too. Just say so.
Dum vivimus vivamus
Richard J. Anthony
Frequent Advisor

Re: Accessing files that have restrictive ACLs

Clever of me. I forgot to include the script. Here it is:

/* REXX ____________________________________________ */

oFile = .stream~new(oFilename)


PARSE VAR iLine w1 w2 w3 w4 . /*POPULATE VARIABLES */
oFile~lineout(iLine) /*WRITE ONE LINE OUT*/
END /* ends the DO statement */

Dum vivimus vivamus