The script then executes the :checkowner section of the script for each file that the Dir command returns. The :checkowner section first runs Subinacl against the filename and stores the owner information in the owner variable. The script then determines whether the specified user owns the file by echoing the owner string retrieved from the Subinacl command, then piping the owner string to the Find command to check for a match between the specified user's SID and the SID of the file's owner. When ERRORLEVEL equals 0, a match has been made and the script sets the found variable to 1, as the code at callout D shows. Because the script clears the found variable before setting it, you can determine whether the found flag has been set by checking whether the script has defined the found variable. If the variable has been defined, a match was found and the script outputs the filename to the output file, as the code at callout E shows.
If you look at the script, you'll notice that it also checks the owner variable against the USERID parameter, as the code at callout C shows. This step needs to occur because if you execute the script against an NT 4.0 server, the Subinacl command will return an actual username rather than the cryptic SID. Because ownedby.cmd includes this extra bit of code, you can execute the script on newer Windows Server 2003 and Win2K systems as well as older NT 4.0 systems.
Getting the Script to Work
Although ownedby.cmd is relatively short and straightforward, it has some minor idiosyncrasies. I've summarized a few details that you need to address to execute the script as written:
- Make sure the subinacl.exe and the getsid.exe files are in the same directory as the script, or at least in a directory that's part of your PATH environment variable.
- In the Name of DC portion of the script, replace mydc with the name of one of your DCs to ensure that the Getsid command knows where to direct its query for SIDs.
- If you execute the script on Windows XP or Win2K, you'll see header text like the following at the command prompt for each file that Subinacl queries:
Default Sam Server will be 0
Default Sam Server will be 0
These lines appear because Subinacl can't redirect this header text, so ownedby.cmd can't hide it from view to make the output cleaner.
- Ownedby.cmd can't determine which files an administrator account user ID owns. When an administrator account creates a file, Windows automatically assigns the ownership of the file to the Administrators group. As a result, you can't determine which administrator created the file unless you enable file auditing on your server.
I wrote and tested ownedby.cmd on Win2K Service Pack 4 (SP4) and SP3 and on NT 4.0 SP6a, but the script should run on other configurations as well. Although the script might appear to have limited applicability, I've run this report by request at least a dozen times for a variety of reasons, usually to audit files created by a user when the user isn't available to answer questions regarding the files. Ownedby.cmd gets the job done with very little effort on your part, and you'll look like a lifesaver each and every time.
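The same owner check on a current Windows system, as an added PowerShell example rather than the article's ownedby.cmd: it resolves the user ID to a SID once, compares that SID with each file's owner, and separately flags files owned by the Administrators group, which can't be attributed to a single administrator. The function name Find-OwnedFile and its parameters are hypothetical.

```powershell
# Added example, not the article's ownedby.cmd. Function and parameter names are hypothetical.
function Find-OwnedFile {
    param(
        [Parameter(Mandatory)] [string] $Path,    # root folder to search
        [Parameter(Mandatory)] [string] $UserId   # account name, e.g. 'DOMAIN\user' (placeholder)
    )

    $sidType = [System.Security.Principal.SecurityIdentifier]

    # Resolve the account name to its SID once, up front (the role Getsid plays in the article).
    $userSid = ([System.Security.Principal.NTAccount] $UserId).Translate($sidType).Value

    # Well-known SID of the built-in Administrators group.
    $adminsSid = 'S-1-5-32-544'

    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_   # keep the file object; inside catch, $_ becomes the error record
            try {
                $acl = Get-Acl -LiteralPath $file.FullName -ErrorAction Stop
                $ownerSid = $acl.GetOwner($sidType).Value
            } catch {
                # Report unreadable security descriptors instead of silently skipping them.
                return [pscustomobject]@{ File = $file.FullName; Owner = $null; Result = 'Unreadable' }
            }

            if ($ownerSid -eq $userSid) {
                # SID match: the specified user owns this file.
                [pscustomobject]@{ File = $file.FullName; Owner = $ownerSid; Result = 'OwnedByUser' }
            } elseif ($ownerSid -eq $adminsSid) {
                # Owned by the Administrators group: the creating administrator
                # can't be identified from ownership alone.
                [pscustomobject]@{ File = $file.FullName; Owner = $ownerSid; Result = 'AdministratorsGroup' }
            }
        }
}
```

Pipe the output to Export-Csv to get a report file; comparing SIDs rather than display names keeps the match stable if the account is renamed.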