Convert decimal value for file+dir permissions

Example scripts and tips (replaces Old Scripts & Tips archive)

Moderators: Dorian (MJT support), JRL, Phil Pendlebury

Post Reply
User avatar
Grovkillen
Automation Wizard
Posts: 1131
Joined: Fri Aug 10, 2012 2:38 pm
Location: Bräcke, Sweden
Contact:
Contact Grovkillen

Convert decimal value for file+dir permissions

Post by Grovkillen » Mon Aug 19, 2024 8:00 pm

I have a script that is rolling on our company file server. I created it to be able to easily see which files that are open and by whom. The script update a database table with this information each 30 seconds. Anyhow, I use the Get-SmbOpenFile command in PowerShell. The command also give the user name and their permission. The decimal value is a representation of the permissions based on a hex format.

Code: Select all

standard_rights

0x00010000=DELETE
0x00020000=READ_CONTROL
0x00040000=WRITE_DAC
0x00080000=WRITE_OWNER
0x00100000=SYNCHRONIZE


files

0x00000001=READ
0x00000002=WRITE
0x00000004=APPEND
0x00000008=READ_EXTENDED
0x00000010=WRITE_EXTENDED
0x00000020=EXECUTE
0x00000040=
0x00000080=READ_ATTRIBUTE
0x00000100=WRITE_ATTRIBUTE


directories

0x00000001=LIST
0x00000002=ADD_FILE
0x00000004=ADD_SUB_DIRECTORY
0x00000008=READ_EXTENDED
0x00000010=WRITE_EXTENDED
0x00000020=TRAVERSE
0x00000040=DELETE_CHILD
0x00000080=READ_ATTRIBUTE
0x00000100=WRITE_ATTRIBUTE
Since this value isn't human readable I have made this conversion:

Code: Select all

//https://learn.microsoft.com/en-us/archive/msdn-magazine/2008/november/access-control-understanding-windows-file-and-registry-permissions

Let>REGEX_PATTERN=(0[xX])([0-9a-fA-F])([0-9a-fA-F])([0-9a-fA-F])([0-9a-fA-F])([0-9a-fA-F])([0-9a-fA-F])([0-9a-fA-F])([0-9a-fA-F])

//Let>TYPE_OF_FILE=file
Let>TYPE_OF_FILE=folder
Let>PERMISSION_LIST=###%TYPE_OF_FILE%###
LabelToVar>test_values,TEMP_string
Trim>TEMP_string,TEMP_string
Separate>TEMP_string,CRLF,TEMP_value

Let>k=0
Repeat>k
  Let>k=k+1
  Let>VALUE_IN_DECIMAL=TEMP_value_%k%
  Format>0x%.8x,VALUE_IN_DECIMAL,VALUE_IN_HEX
  RegEx>REGEX_PATTERN,VALUE_IN_HEX,0,,,1,$2|$3|$4|$5|$6|$7|$8|$9,VALUES_TO_BE_PROCESSED
  Separate>VALUES_TO_BE_PROCESSED,|,HEX_VALUE
  ConCat>PERMISSION_LIST,%CRLF%%VALUE_IN_DECIMAL%=%VALUE_IN_HEX%
  Let>c=0
  Repeat>c
    Let>c=c+1
    Let>TEMP_RIGHT=HEX_VALUE_%c%
    VBEval>CLng("&h" & "%TEMP_RIGHT%"),TEMP_RIGHT_DECIMAL
    If>TEMP_RIGHT_DECIMAL>0
      GoSub>PERMISSION_CHECK_%c%
    Endif>
  Until>c=HEX_VALUE_count
  ConCat>PERMISSION_LIST,%CRLF%-----------------
Until>k=TEMP_value_count

Trim>PERMISSION_LIST,PERMISSION_LIST

SRT>PERMISSION_CHECK_1
//unkown
END>PERMISSION_CHECK_1

SRT>PERMISSION_CHECK_2
//unkown
END>PERMISSION_CHECK_2

SRT>PERMISSION_CHECK_3
//SYNCHRONIZE
  If>TEMP_RIGHT_DECIMAL>0
    Let>TEMP_RIGHT_DECIMAL={%TEMP_RIGHT_DECIMAL% mod 1}
    ConCat>PERMISSION_LIST,%CRLF%SYNCHRONIZE
  Endif>
END>PERMISSION_CHECK_3

SRT>PERMISSION_CHECK_4
  If>TEMP_RIGHT_DECIMAL>7
    Let>TEMP_RIGHT_DECIMAL={%TEMP_RIGHT_DECIMAL% mod 8}
    ConCat>PERMISSION_LIST,%CRLF%WRITE_OWNER
  Endif>
  If>TEMP_RIGHT_DECIMAL>3
    Let>TEMP_RIGHT_DECIMAL={%TEMP_RIGHT_DECIMAL% mod 4}
    ConCat>PERMISSION_LIST,%CRLF%WRITE_DAC
  Endif>
  If>TEMP_RIGHT_DECIMAL>1
    Let>TEMP_RIGHT_DECIMAL={%TEMP_RIGHT_DECIMAL% mod 2}
    ConCat>PERMISSION_LIST,%CRLF%READ_CONTROL
  Endif>
  If>TEMP_RIGHT_DECIMAL>0
    Let>TEMP_RIGHT_DECIMAL={%TEMP_RIGHT_DECIMAL% mod 1}
    ConCat>PERMISSION_LIST,%CRLF%DELETE
  Endif>
//TEMP_RIGHT_DECIMAL should be zero now....
END>PERMISSION_CHECK_4

SRT>PERMISSION_CHECK_5
//unkown
END>PERMISSION_CHECK_5

SRT>PERMISSION_CHECK_6
//WRITE_ATTRIBUTE
  If>TEMP_RIGHT_DECIMAL>0
    Let>TEMP_RIGHT_DECIMAL={%TEMP_RIGHT_DECIMAL% mod 1}
    ConCat>PERMISSION_LIST,%CRLF%WRITE_ATTRIBUTE
  Endif>
END>PERMISSION_CHECK_6

SRT>PERMISSION_CHECK_7
If>TYPE_OF_FILE=file
//file:WRITE_EXTENDED|EXECUTE||READ_ATTRIBUTE
  If>TEMP_RIGHT_DECIMAL>7
    Let>TEMP_RIGHT_DECIMAL={%TEMP_RIGHT_DECIMAL% mod 8}
    ConCat>PERMISSION_LIST,%CRLF%READ_ATTRIBUTE
  Endif>
  If>TEMP_RIGHT_DECIMAL>3
    Let>TEMP_RIGHT_DECIMAL={%TEMP_RIGHT_DECIMAL% mod 4}
    //not used
  Endif>
  If>TEMP_RIGHT_DECIMAL>1
    Let>TEMP_RIGHT_DECIMAL={%TEMP_RIGHT_DECIMAL% mod 2}
    ConCat>PERMISSION_LIST,%CRLF%EXECUTE
  Endif>
  If>TEMP_RIGHT_DECIMAL>0
    Let>TEMP_RIGHT_DECIMAL={%TEMP_RIGHT_DECIMAL% mod 1}
    ConCat>PERMISSION_LIST,%CRLF%WRITE_EXTENDED
  Endif>
Else>
//folder:WRITE_EXTENDED|TRAVERSE|DELETE_CHILD|READ_ATTRIBUTE
  If>TEMP_RIGHT_DECIMAL>7
    Let>TEMP_RIGHT_DECIMAL={%TEMP_RIGHT_DECIMAL% mod 8}
    ConCat>PERMISSION_LIST,%CRLF%READ_ATTRIBUTE
  Endif>
  If>TEMP_RIGHT_DECIMAL>3
    Let>TEMP_RIGHT_DECIMAL={%TEMP_RIGHT_DECIMAL% mod 4}
    ConCat>PERMISSION_LIST,%CRLF%DELETE_CHILD
  Endif>
  If>TEMP_RIGHT_DECIMAL>1
    Let>TEMP_RIGHT_DECIMAL={%TEMP_RIGHT_DECIMAL% mod 2}
    ConCat>PERMISSION_LIST,%CRLF%TRAVERSE
  Endif>
  If>TEMP_RIGHT_DECIMAL>0
    Let>TEMP_RIGHT_DECIMAL={%TEMP_RIGHT_DECIMAL% mod 1}
    ConCat>PERMISSION_LIST,%CRLF%WRITE_EXTENDED
  Endif>
Endif>
//TEMP_RIGHT_DECIMAL should be zero now....
END>PERMISSION_CHECK_7

SRT>PERMISSION_CHECK_8
If>TYPE_OF_FILE=file
//file:READ|WRITE|APPEND|READ_EXTENDED
  If>TEMP_RIGHT_DECIMAL>7
    Let>TEMP_RIGHT_DECIMAL={%TEMP_RIGHT_DECIMAL% mod 8}
    ConCat>PERMISSION_LIST,%CRLF%READ_EXTENDED
  Endif>
  If>TEMP_RIGHT_DECIMAL>3
    Let>TEMP_RIGHT_DECIMAL={%TEMP_RIGHT_DECIMAL% mod 4}
    ConCat>PERMISSION_LIST,%CRLF%APPEND
  Endif>
  If>TEMP_RIGHT_DECIMAL>1
    Let>TEMP_RIGHT_DECIMAL={%TEMP_RIGHT_DECIMAL% mod 2}
    ConCat>PERMISSION_LIST,%CRLF%WRITE
  Endif>
  If>TEMP_RIGHT_DECIMAL>0
    Let>TEMP_RIGHT_DECIMAL={%TEMP_RIGHT_DECIMAL% mod 1}
    ConCat>PERMISSION_LIST,%CRLF%READ
  Endif>
Else>
//folder:LIST|ADD_FILE|ADD_SUB_DIRECTORY|READ_EXTENDED
  If>TEMP_RIGHT_DECIMAL>7
    Let>TEMP_RIGHT_DECIMAL={%TEMP_RIGHT_DECIMAL% mod 8}
    ConCat>PERMISSION_LIST,%CRLF%READ_EXTENDED
  Endif>
  If>TEMP_RIGHT_DECIMAL>3
    Let>TEMP_RIGHT_DECIMAL={%TEMP_RIGHT_DECIMAL% mod 4}
    ConCat>PERMISSION_LIST,%CRLF%ADD_SUB_DIRECTORY
  Endif>
  If>TEMP_RIGHT_DECIMAL>1
    Let>TEMP_RIGHT_DECIMAL={%TEMP_RIGHT_DECIMAL% mod 2}
    ConCat>PERMISSION_LIST,%CRLF%ADD_FILE
  Endif>
  If>TEMP_RIGHT_DECIMAL>0
    Let>TEMP_RIGHT_DECIMAL={%TEMP_RIGHT_DECIMAL% mod 1}
    ConCat>PERMISSION_LIST,%CRLF%LIST
  Endif>
Endif>
END>PERMISSION_CHECK_8

PutClipBoard>PERMISSION_LIST

MDL>PERMISSION_LIST

/*
test_values:
128
131200
262272
524416
1048704
1048705
1048736
1048737
1114240
1179776
1179785
1179817
1180041
1180054
1180063
1245599
1442207
1507739
1507743
*/

/*
standard_rights

0x00010000=DELETE
0x00020000=READ_CONTROL
0x00040000=WRITE_DAC
0x00080000=WRITE_OWNER
0x00100000=SYNCHRONIZE


files

0x00000001=READ
0x00000002=WRITE
0x00000004=APPEND
0x00000008=READ_EXTENDED
0x00000010=WRITE_EXTENDED
0x00000020=EXECUTE
0x00000040=
0x00000080=READ_ATTRIBUTE
0x00000100=WRITE_ATTRIBUTE


directories

0x00000001=LIST
0x00000002=ADD_FILE
0x00000004=ADD_SUB_DIRECTORY
0x00000008=READ_EXTENDED
0x00000010=WRITE_EXTENDED
0x00000020=TRAVERSE
0x00000040=DELETE_CHILD
0x00000080=READ_ATTRIBUTE
0x00000100=WRITE_ATTRIBUTE
*/
Hopefully it will be of help for someone else who might want to do the same.
Let>ME=%Script%

Running: 15.0.27
version history
Top
Post Reply

Return to “Scripts and Tips”

Sign up to our newsletter for free automation tips, tricks & discounts