Current NTFS ACES Without Inheritance by Path

Details

Summary

When using the srs.current_ntfs_aces view, how can I report on the ACEs without inheritance within a particular path?

Explanation

The srs.current_ntfs_aces view includes a field called ace_flags, which is a bit mask of flag values.

If the bit flag with a value of 16 is present, then the ACE is inherited. Filtering out inherited ACEs is a simple matter of checking that this flag is off.

This query also uses the Custom Query File System Paths technology, new with version 4.1. Paths are now added or removed with the Report Designer instead of by modifying the query directly.

Code
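-- #tmp_cq_fs_paths holds the paths chosen in the Report Designer
SELECT *
FROM srs.current_ntfs_aces AS ace
JOIN #tmp_cq_fs_paths AS cp ON cp.scan_id = ace.scan_id
	-- keep ACEs whose ns_left/ns_right range falls inside a chosen path's range
	AND cp.ns_left <= ace.ns_left
	AND cp.ns_right >= ace.ns_right
-- keep only ACEs whose inherited flag (16) is off
WHERE (ace.ace_flags & 16) <> 16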
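An added example, not part of the original article or the product's own code: the query above run against constructed rows in SQLite (standing in for the product database), with ace_flags decoded into names. The path and trustee columns, the sample rows, and the flag names other than bit 16 (taken from the Windows ACE header flag values) are assumptions.

```python
import sqlite3

# Windows ACE header flag values (assumed layout); the article confirms only 16.
ACE_FLAGS = {1: "OBJECT_INHERIT", 2: "CONTAINER_INHERIT",
             4: "NO_PROPAGATE_INHERIT", 8: "INHERIT_ONLY", 16: "INHERITED"}

def decode_flags(mask):
    """Return the names of the bits set in an ace_flags mask."""
    return [name for bit, name in ACE_FLAGS.items() if mask & bit]

# Same join and filter as the article's query, with explicit columns.
# path and trustee are hypothetical columns added for readability.
QUERY = """
SELECT ace.path, ace.trustee, ace.ace_flags
FROM srs.current_ntfs_aces AS ace
JOIN tmp_cq_fs_paths AS cp ON cp.scan_id = ace.scan_id
    AND cp.ns_left <= ace.ns_left
    AND cp.ns_right >= ace.ns_right
WHERE (ace.ace_flags & 16) <> 16
ORDER BY ace.ns_left, ace.trustee
"""

def explicit_aces():
    db = sqlite3.connect(":memory:")
    db.execute("ATTACH DATABASE ':memory:' AS srs")
    db.execute("CREATE TABLE srs.current_ntfs_aces (scan_id, ns_left, ns_right,"
               " path, trustee, ace_flags)")
    db.execute("CREATE TEMP TABLE tmp_cq_fs_paths (scan_id, ns_left, ns_right)")
    # Constructed rows. Nested-set numbering: a folder's (ns_left, ns_right)
    # range encloses the ranges of everything beneath it.
    db.executemany("INSERT INTO srs.current_ntfs_aces VALUES (?,?,?,?,?,?)", [
        (1, 1, 10, r"D:\Shares",              "Administrators", 3),
        (1, 2, 7,  r"D:\Shares\Finance",      "Administrators", 19),
        (1, 2, 7,  r"D:\Shares\Finance",      "FinanceUsers",   3),
        (1, 3, 4,  r"D:\Shares\Finance\2023", "FinanceUsers",   19),
        (1, 3, 4,  r"D:\Shares\Finance\2023", "Auditor",        0),
        (1, 8, 9,  r"D:\Shares\HR",           "HRUsers",        3),
    ])
    # Constructed report path selection: D:\Shares\Finance (range 2..7).
    db.execute("INSERT INTO tmp_cq_fs_paths VALUES (1, 2, 7)")
    rows = db.execute(QUERY).fetchall()
    db.close()
    return [(path, trustee, decode_flags(flags)) for path, trustee, flags in rows]

if __name__ == "__main__":
    for row in explicit_aces():
        print(row)
```

The two rows returned are the explicitly granted entries under the selected path, which are the ones to review when looking for permissions that deviate from what the parent folder hands down.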
Author
rlagger
Last modified
Tuesday, June 20, 2023 - 15:20
Properties
Supported Version
Report Category
Includes a Report Layout
Yes