Wednesday, August 31, 2011

Listing groups and users to a text file

To list the members of a local group on a workstation or server, run the following command:


Net localgroup administrators > %temp%\lstUsersAdministrators.txt


To do this on a machine other than the one you are working on, you can use the psexec tool:


psexec.exe \\Target net localgroup administrators > %temp%\lstUsersAdministrators.txt




To list all the users of a workstation or server, run the following command:


Net users > %temp%\lstUsers.txt

Copying a folder structure without its files

This post is short and to the point: how do you build an empty folder structure by copying another one that is full of files?


Very simple:


xcopy pathOrigen pathDestino /t /e /i


enjoy!

Error on cacls

How do you resolve the following error thrown by cacls: The data area passed to a system call is too small?


Very simple.
The error occurs because the string passed is too long; the limit is 254 characters.


For example, I used this command, which grants read permission to the group "group":


cacls "E:\Share\propuestas\especiales\ " /E /C /T /G  dominio\group:R

and when it reaches this file it fails and does not apply the permissions:

E:\Share\propuestas\especiales\1-Gestao\Biblioteca\5 - Ingenieria_Pre-Ventas\03 - Competitividades\Comparativo de Ecuanos\Acesso\Wireless\Sinalas - Sucalata\LAP 1131 e WLC 4400 - KOJNE234 – Petrecasa\RPP - ET-0663.32-5517-762-PPT-001 - Equipamento WLAN.xls

and it gives this error:
The data area passed to a system call is too small

This is a solution to the long-path problem when using cacls:
shorten the path with a substitution:



Before:
cacls "E:\Share\propuestas\especiales\ " /E /C /T /G  dominio\group:r

After:
subst X: "E:\Share\propuestas\especiales"
cacls X: /E /C /T /G  dominio\group:r
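
To see in advance which paths exceed the limit and whether mapping the share root is enough, here is an added example (not part of the original post) that picks, for each over-limit path, the shallowest folder to map with subst. It assumes the 254-character limit applies to the whole path string; DEEP_PATH is constructed and the function names are this example's own.

```python
LIMIT = 254  # path-length limit stated in the post
ROOT = r"E:\Share\propuestas\especiales"
# The path from the post that made cacls fail.
POST_PATH = ROOT + (r"\1-Gestao\Biblioteca\5 - Ingenieria_Pre-Ventas"
    r"\03 - Competitividades\Comparativo de Ecuanos\Acesso\Wireless"
    r"\Sinalas - Sucalata\LAP 1131 e WLC 4400 - KOJNE234 – Petrecasa"
    r"\RPP - ET-0663.32-5517-762-PPT-001 - Equipamento WLAN.xls")
# Constructed deeper path: mapping ROOT alone does not bring it under the limit.
DEEP_PATH = ROOT + ("\\" + "d" * 50) * 6 + r"\f.xls"

def mapped_len(path, folder, drive="X:"):
    """Length of `path` when `folder` is reached through the subst drive."""
    return len(drive) + len(path) - len(folder)

def subst_plan(root, paths, limit=LIMIT, drive="X:"):
    """Map each over-limit path to the shallowest folder whose subst makes it fit.

    Returns {folder: [paths]}; the key is None when no folder mapping is enough.
    """
    plan = {}
    for path in paths:
        if len(path) <= limit:
            continue  # cacls can take this path as it is
        folder = root.rstrip("\\")
        parts = path[len(folder):].strip("\\").split("\\")[:-1]  # folders below root
        while parts and mapped_len(path, folder, drive) > limit:
            folder += "\\" + parts.pop(0)
        if mapped_len(path, folder, drive) > limit:
            folder = None  # the file name alone is already too long
        plan.setdefault(folder, []).append(path)
    return plan

if __name__ == "__main__":
    for folder, paths in subst_plan(ROOT, [POST_PATH, DEEP_PATH]).items():
        print(f'subst X: "{folder}"   covers {len(paths)} over-limit path(s)')
```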


Auditing file server permissions with cacls on Windows


An alternative method for listing file system permissions without using DUMPSEC.
This option is native to Windows, so nothing needs to be installed. It is a simple and fast tool.

You can run this command directly in a cmd prompt to list the permissions of a directory and its subdirectories:

cacls e:\share /T /C /E > permissions_share_20100706.txt

If you want to run it against several machines remotely, you can do so with Psexec:

Example
psexec \\207.169.84.13 cacls e:\share /T /C /E >> permissions_share_20100706.txt

The cacls utility has some shortcomings, which is why Microsoft developed icacls, starting with Windows Vista.

The procedure below uses cacls, a standard command that you can run on any Windows 2003 Server machine:

  1. Open CMD
  2. Change to the root of the directory you want to analyze
  3. Run the command cacls . /T /C /E > c:\ACLLog.txt
  4. Analyze the file to see what differences there are in the permissions.


The CACLS tool does not produce output that can easily be arranged into columns, but it generates that output very quickly.
Where there are many subfolders, Hyena or Dumpsec is the better choice.
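
The cacls report can still be turned into columns afterwards. The following is an added example, not part of the original post: it parses the report into one row per entry, writes CSV, and lists the paths whose permissions differ from their parent folder (step 4 above). It assumes the layout of the constructed SAMPLE and handles only plain N/R/W/C/F entries; the function names are this example's own.

```python
import csv, io, re

# Constructed sample in the assumed cacls /T layout: path, first ACE, further
# ACEs indented under it, and a blank line between entries.
SAMPLE = r"""e:\share BUILTIN\Administrators:(OI)(CI)F
         DOMINIO\group:(OI)(CI)R

e:\share\pre ventas BUILTIN\Administrators:(OI)(CI)F
                    DOMINIO\group:(OI)(CI)R
                    Everyone:(OI)(CI)C

e:\share\pre ventas\plan.xls BUILTIN\Administrators:F
                             DOMINIO\group:R
                             Everyone:C
"""
ACE = re.compile(r"^(.+):((?:\((?:OI|CI|IO|ID)\))*)([NRWCF])$")

def parse_cacls(text):
    """Return (path, account, inheritance flags, permission) rows."""
    rows = []
    for block in filter(str.strip, re.split(r"\n\s*\n", text.strip("\n"))):
        lines = [line.rstrip() for line in block.splitlines() if line.strip()]
        if len(lines) > 1:  # path column width = indent of the continuation lines
            width = len(lines[1]) - len(lines[1].lstrip())
        else:               # single ACE: split at the last space before the colon
            width = lines[0].rfind(" ", 0, lines[0].rfind(":")) + 1
        path = lines[0][:width].rstrip()
        for ace in [lines[0][width:]] + lines[1:]:
            m = ACE.match(ace.strip())
            if m:           # anything that is not a plain N/R/W/C/F entry is skipped
                rows.append((path, m.group(1), m.group(2), m.group(3)))
    return rows

def to_csv(rows):
    buf = io.StringIO()
    csv.writer(buf, lineterminator="\n").writerows(
        [("path", "account", "inherit", "perm")] + rows)
    return buf.getvalue()

def differs_from_parent(rows):
    """Lower-cased paths whose account/permission pairs differ from the parent's."""
    acl = {}
    for path, who, _flags, perm in rows:  # flags ignored: files list none
        acl.setdefault(path.lower(), set()).add((who.lower(), perm))
    parent = lambda p: p.rpartition("\\")[0]
    return [p for p in acl if parent(p) in acl and acl[p] != acl[parent(p)]]

if __name__ == "__main__":
    print(to_csv(parse_cacls(SAMPLE)), differs_from_parent(parse_cacls(SAMPLE)))
```

A single-ACE entry where both the path and the account name contain spaces cannot be split reliably from this layout; the parser then splits at the last space.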

PS: If you need to add permissions on many subfolders, cacls can also be used to make the changes. Include /E so the existing ACL is edited rather than replaced.

Example:
cacls x:\carpeta /E /G grupo:W

/G user:perm  Grant specified user access rights.
              Perm can be: R  Read
                           W  Write
                           C  Change (write)
                           F  Full control






Here is the complete syntax:

 Displays or modifies access control lists (ACLs) of files

 CACLS filename [/T] [/M] [/L] [/S[:SDDL]] [/E] [/C] [/G user:perm]
        [/R user [...]] [/P user:perm [...]] [/D user [...]]
    filename      Displays ACLs.
    /T            Changes ACLs of specified files in
                  the current directory and all subdirectories.
    /L            Work on the Symbolic Link itself versus the target
    /M            Changes ACLs of volumes mounted to a directory
    /S            Displays the SDDL string for the DACL.
    /S:SDDL       Replaces the ACLs with those specified in the SDDL string
                  (not valid with /E, /G, /R, /P, or /D).
    /E            Edit ACL instead of replacing it.
    /C            Continue on access denied errors.
    /G user:perm  Grant specified user access rights.
                  Perm can be: R  Read
                               W  Write
                               C  Change (write)
                               F  Full control
    /R user       Revoke specified user's access rights (only valid with /E).
    /P user:perm  Replace specified user's access rights.
                  Perm can be: N  None
                               R  Read
                               W  Write
                               C  Change (write)
                               F  Full control
    /D user       Deny specified user access.
 Wildcards can be used to specify more than one file in a command.
 You can specify more than one user in a command.

 Abbreviations:
    CI - Container Inherit.
         The ACE will be inherited by directories.
    OI - Object Inherit.
         The ACE will be inherited by files.
    IO - Inherit Only.
         The ACE does not apply to the current file/directory.
    ID - Inherited.
         The ACE was inherited from the parent directory's ACL.


Dumpsec command line Auditing Tool for Windows

Dumpsec is an auditing tool for Windows. It is frequently used to generate reports on file system permissions, users, groups, the registry, etc.


Here are the Dumpsec commands you can use to speed up any audit task.
Run them from a CMD prompt in the directory where Dumpsec.exe is located.

From this link you can download the essential tools from the SystemTools folks - www.systemtools.com

Dumpsec /rpt=dir=c:\ /saveas=csv /outfile=c:\temp\dirC.txt
Dumpsec /rpt=dir=d:\ /saveas=csv /outfile=c:\temp\dirD.txt
Dumpsec /rpt=dir=e:\ /saveas=csv /outfile=c:\temp\dirE.txt

Dumpsec /rpt=userscol /saveas=csv /outfile=C:\temp\userscol.txt
Dumpsec /rpt=Groupscol /saveas=csv /outfile=C:\temp\GroupsCol.txt
Dumpsec /rpt=groups /saveas=csv /outfile=C:\temp\Groups.csv
Dumpsec /rpt=Groupsonly /saveas=csv /outfile=C:\temp\GroupsOnly.csv

Dumpsec /rpt=rights /saveas=csv /outfile=C:\temp\Rights.txt
Dumpsec /rpt=services /saveas=csv /outfile="C:\temp\%computername%_Services.txt"
Dumpsec /rpt=allsharedirs /saveas=csv /outfile=C:\temp\Allshares.txt
Dumpsec /rpt=shares /saveas=csv /outfile=C:\temp\shares.txt
Dumpsec /rpt=Policy /saveas=csv /outfile=C:\temp\Policy.txt
Dumpsec /rpt=registry=HKEY_LOCAL_MACHINE /saveas=csv /outfile=C:\temp\RegistryMachine.txt
Dumpsec /rpt=registry=HKEY_USERS /saveas=csv /outfile=C:\temp\RegistryUser.txt
Dumpsec /rpt=printers /saveas=csv /outfile=C:\temp\Printers.txt

customizable
-------------
Dumpsec /rpt=share=sharename            Specific shared directory permissions report



More info:


Required parameters

/rpt=report type      Type of report to produce:
    dir=drive:\path             Directory permissions report (drive letter path)
    dir=\\computer\sharepath    Directory permissions report (UNC path)
    registry=hive               Registry permissions report (hive can be HKEY_LOCAL_MACHINE or HKEY_USERS)
    share=sharename             Specific shared directory permissions report
    allsharedirs                All non-special shared directories permissions report
    printers                    Printers permissions report
    shares                      Shares permissions report
    users                       Users report (table format, all fields except groups, groupcomment and grouptype)
    usersonly                   Users report (table format, only username, fullname and comment fields)
    userscol                    Users report (column format, same fields as users report)
    groups                      Groups report (table format, all fields)
    Groupsonly                  Groups report (table format, group info, no user info)
    Groupscol                   Groups report (column format, same fields as groups report)
    Policy                      Policy report
    rights                      Rights report
    services                    Services report
/outfile=drive:\path  File in which to store report. This file will be replaced if it already exists.

Optional parameters for all reports

/computer=computer    Computer for which to dump information. Ignored for directory reports (since computer is implied by computer associated with redirected drive). Default is to dump local information.
/saveas=format        Format in which to store report:
    native    binary format, can be loaded back into Somarsoft DumpSec
    csv       comma separated columns
    tsv       tab separated columns
    fixed     fixed width columns, padded with blanks
                      Default is to save as native format.
/noheader             Do not include timestamp and other header information in saved report. Default is to include this information.

Optional parameters for permissions reports only

/noowner              Do not dump owner. Default is to dump owner.
/noperms              Do not dump permissions. Default is to dump permissions.
/showaudit            Dump audit info. Default is not to dump audit info. Ignored if audit information cannot be displayed because the current user is not a member of the Administrators group.

(only one of the following options can be specified)

/showexceptions       Show directories, files, and registry keys whose permissions differ from those of the parent directory or registry key. This is the default.
/showexcdirs          Show directories (but not files) whose permissions differ from those of the parent directory.
/showalldirs          Show all directories. Show only those files whose permissions differ from those of the parent directory.
/showdirsonly         Show all directories. Do not show any files.
/showall              Show all directories, files and registry keys.

Optional parameters for users/groups reports only

/showtruelastlogon    Query all domain controllers for "true" last logon time, which can be time consuming. Default is to use last logon time from specified computer.
/showosid             Dump SID as part of users report, which requires some additional and possible time-consuming processing. Default is not to dump SID.
/showcomputers        Show computer accounts in users reports. Default is only to show normal user accounts.

Examples:


DumpSec.exe c:\temp\users.dcl

Start Somarsoft DumpSec interactively, load and display a report that was previously saved in native format in c:\temp\users.dcl.


DumpSec.exe /rpt=dir=c:\users /showaudit /outfile=c:\temp\users.dcl

Run Somarsoft DumpSec in batch mode, produce a report of directory permissions for the c:\users directory showing owner, permissions and audit settings and store the report in native file format in c:\temp\users.dcl. The report will show only those directories and files whose permissions or audit settings differ from those of parent directory.

DumpSec.exe /computer=\\server1 /rpt=users /saveas=csv /outfile=c:\temp\users.txt

Run Somarsoft DumpSec in batch mode, produce a report showing all user information in table format for users defined on \\server1, and store the report in comma separated columns format in c:\temp\users.txt.


DumpSec.exe /computer=\\server1 /rpt=share=sales /outfile=c:\temp\users.dcl /showalldirs

Run Somarsoft DumpSec in batch mode, produce a report of permissions for the \\server1\sales shared directory, showing owner and permissions but not audit settings, and store the report in native file format in c:\temp\users.dcl. The report will show all directories under the \\server1\sales tree, and only those files whose permissions differ from those of the parent directory.