Fetching audit permission settings using VBScript..

If you are looking for a script to fetch audit permission settings on a folder, here it is:

===================================================================================================================

This is just a sample. It would require some modification to run it fully.

Const GENERIC_ALL = &H10000000
Const GENERIC_EXECUTE = &H20000000
Const GENERIC_READ = &H80000000
Const GENERIC_WRITE = &H40000000

Const OBJECT_INHERIT_ACE = 1
Const CONTAINER_INHERIT_ACE = 2
Const NO_PROPAGATE_INHERIT_ACE = 4
Const INHERIT_ONLY_ACE = 8
Const INHERITED_ACE = 16

Const AUDIT_ACE_TYPE  = &H2 

Const FAILED_ACCESS_ACE_FLAG = &H80
Const SUCCESSFUL_ACCESS_ACE_FLAG = &H40

Dim strComputer
strComputer = "."

Dim oShell
Dim sortie, ace, trustee,retVal, wmiSecurityDescriptor

Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate,(Security)}!\\" _
    & strComputer & "\root\cimv2")

Set WshShell = WScript.CreateObject("WScript.Shell")

getPermissions "C:\Test"

Sub getPermissions (name)

Set objFile = objWMIService.Get("Win32_LogicalFileSecuritySetting='" & name & "'")

If objFile.GetSecurityDescriptor(objSD) = 0 Then

If isArray(objSD.SACL) Then

    For Each objAce in objSD.SACL

  If objAce.AceType = AUDIT_ACE_TYPE Then
  
   
  strAceType = ""
  
  If objAce.AceFlags And FAILED_ACCESS_ACE_FLAG Then
   If objAce.AceFlags And SUCCESSFUL_ACCESS_ACE_FLAG Then
    strAceType = "All"
   Else
    strAceType = "Fail"
   End If
  Else
   If objAce.AceFlags And SUCCESSFUL_ACCESS_ACE_FLAG Then
    strAceType = "Success"
   Else
    strAceType = "No"
   End If
  End If
  

 Wscript.echo strAceType
 Wscript.echo objAce.Trustee.Domain & "\" &objAce.Trustee.Name

  If objAce.AceFlags And OBJECT_INHERIT_ACE Then
   If objAce.AceFlags And CONTAINER_INHERIT_ACE Then
    If objAce.AceFlags And INHERIT_ONLY_ACE Then
      Wscript.echo "Subfolders and Files only"
    Else
      Wscript.echo "This Folder, Subfolders and Files"
    End If
   Else

    If objAce.AceFlags And INHERIT_ONLY_ACE Then
      Wscript.echo "Files Only"
    Else
      Wscript.echo "This Folder and Files"
    End If
   End If

  Else
  
   If objAce.AceFlags And CONTAINER_INHERIT_ACE Then
    If objAce.AceFlags And INHERIT_ONLY_ACE Then
      Wscript.echo "Subfolders only"
    Else
      Wscript.echo "This Folder and Subfolders"
    End If
   Else
     Wscript.echo "This Folder Only"
   End If

  End If

  Dim strPerm
  strPerm = ""

  If objAce.AccessMask AND 524288 Then
   strPerm = strPerm & "Take Ownership;"
  End If
  If objAce.AccessMask AND 262144 Then
   strPerm = strPerm & "Change Permissions;"
  End If
  If objAce.AccessMask AND 131072 Then
   strPerm = strPerm & "Read Permissions;"
  End If
  If objAce.AccessMask AND 65536 Then
   strPerm = strPerm & "Delete;"
  End If
  If objAce.AccessMask AND 256 Then
   strPerm = strPerm & "Write Attributes;"
  End If
  If objAce.AccessMask AND 128 Then
   strPerm = strPerm & "Read Attributes;"
  End If
  If objAce.AccessMask AND 64 Then
   strPerm = strPerm & "Delete Subfolders and Files;"
  End If
  If objAce.AccessMask AND 32 Then
   strPerm = strPerm & "Traverse Folder / Execute File;"
  End If
  If objAce.AccessMask AND 16 Then
   strPerm = strPerm & "Write Extended Attributes;"
  End If
  If objAce.AccessMask AND 8 Then
   strPerm = strPerm & "Read Extended Attributes;"
  End If
  If objAce.AccessMask AND 4 Then
   strPerm = strPerm & "Create Folders / Append Data;"
  End If

  If objAce.AccessMask AND 2 Then
   strPerm = strPerm & "Create Files / Write Data;"
  End If

  If objAce.AccessMask AND 1 Then
   strPerm = strPerm & "List Folder / Read Data;"
  End If

  If objAce.AccessMask And GENERIC_ALL Then
   strPerm = strPerm & "Generic All;"
  End If

  If objAce.AccessMask And GENERIC_EXECUTE Then
   strPerm = strPerm & "Generic Execute;"
  End If

  If objAce.AccessMask And GENERIC_READ Then
   strPerm = strPerm & "Generic Read;"
  End If

  If objAce.AccessMask And GENERIC_WRITE Then
   strPerm = strPerm & "Generic Write;"
  End If

  Wscript.echo strPerm

  End If

  line = line + 1
    Next

Else

 Wscript.echo name & " doesn't have audit setting."

End If
End If

================================================================================================================================

Disclaimer: Above script is just for illustration purpose. Not recommended to run on production server without testing.

                 This is a personal weblog. The opinions expressed here represent my own and not those of my employer.