Active Directory

Current NTFS ACEs Without Inheritance


Summary

When using the srs.current_ntfs_aces view, how can I report on the ACEs without inheritance?

Explanation

The srs.current_ntfs_aces view includes a field called ace_flags, which is a bit mask. If this ace_flags value, when ANDed with a decimal value of 16, is equal to 16, then the ACE is inherited. By testing that bit, we can therefore filter out the inherited ACEs.

Find Files Renamed By The Crypto or Wanna Cry Ransomware Viruses


Summary

Over the past few years, computer systems everywhere have been dealing with ransomware viruses. Crypto, Wanna Cry, and others have hit networks all over the world. How can I find these infected files so I can restore them from backup?

Extension Report by Category


This report combines file extensions into categories. The report uses the srs.current_fs_scandata database view, which limits the scope to current scans only. The scope is further limited by the sd.fullpath LIKE portion of the SQL WHERE clause. If you remove it, the report will run across all current scan_data.

Note: The layout for this report has been updated to handle the chart scripting differently, as it was giving an error for some people.