Current NTFS ACEs Without Inheritance

Current NTFS ACEs Without Inheritance

Details

Summary

How when using the srs.current_ntfs_aces view can I report on the ACEs without inheritance?

Explaination

The srs.current_ntfs_aces view includes a field called ace_flags which is a value mask.

If the bit flag with a value of 16 is present, then the ACE is inherited. Filtering out inherited ACEs is a simple matter of checking that this flag is off.

Code
 SELECT * FROM srs.current_ntfs_aces WHERE ace_flags & 16 <> 16
Author
rlagger
Post date
Wednesday, January 6, 2021 - 08:48
Last modified
Tuesday, March 29, 2022 - 08:58
Properties
Supported Version
4.1
4.0
3.6
Report Category
Permissions
Includes a Report Layout
Yes
Databases
SQL Server
PostgreSQL
Tags
Active Directory
Downloads
AttachmentSize
Current NTFS ACES Without Inheritance.zip3.38 KB
Sample Report
AttachmentSize
Current NTFS ACEs without Inheritance.pdf75.66 KB
Preview Images