A client recently asked me whether it was possible to identify the name of every file that a specific user had created in a directory structure containing more than 20,000 files. At first this request seemed absurd—the only way to find this information would be to check the ownership of each file individually and compose a list, a task that would take forever. Then, I remembered that a few years ago I'd used a resource kit utility called subinacl.exe to change the ownership of files. At the time, I'd discovered that among the tool's many features, it lets you view a file's properties, including the SID of the user who owns the file. Knowing that Subinacl could help me locate the information I needed, I created a script called ownedby.cmd, which Listing 1 shows, to audit file ownership.
Subinacl.exe
More than one version of Subinacl exists—Microsoft released the first version with the .Microsoft Windows NT Server 4.0 Resource Kit and a second, updated version with the .Microsoft Windows 2000 Resource Kit. The two versions vary slightly because Microsoft added some functionality in the Win2K version to accommodate some of the new features in the new OS. However, for the purposes of ownedby.cmd, both versions of Subinacl work the same. For a complete list of options for this tool, from the command prompt type
subinacl.exe /help /full
To use the Subinacl command to view details about a file's ACL, simply type . . .
Register
