Active Directory

File Extensions by Category


This report combines file extensions in to categories. The report uses the srs.current_fs_scandata database view which limits the scope to current scans only. The scope is further limited by the sd.fullpath LIKE portion of the sql where clause. If you remove it, the report will run across all current scan_data.

This recipes comes in two versions, a Detailed version and a Summary version.

You will need to modify the path line 32 of the desired query.


Content Hash Duplicate File Report


This report utilizes the new added file content hash feature of version 4.0.  The 4.0 scan policy definition gives a new option to Generate file content hashes for All Files or Files uploaded since the last scan.  This option prompts the AgentFS to generate a SHA256 hash of the file content and store the hash in the database where it can be compared against other files that match in content.


Line 10 contains the paths to be reported against.  Modify these paths appropriate to your environment.

Current NTFS ACEs Without Inheritance


How when using the srs.current_ntfs_aces view can I report on the ACEs without inheritance?


The srs.current_ntfs_aces view includes a field called ace_flags which is a value mask.

If the bit flag with a value of 16 is present, then the ACE is inherited. Filtering out inherited ACEs is a simple matter of checking that this flag is off.