Using only standard commands, I have scripted SharedFolderPerms.bat to report the NTFS folder permissions on a computer's shared folders.

The syntax for using SharedFolderPerms.bat is:

SharedFolderPerms \[/$\] \[/S\]

Where /$ is an optional parameter that will enumerate hidden shares, and /S is an optional parameter that will report sub-folder permissions.

The report is generated in a SharedFolderPerms.log file which is created in the current folder.

NOTE: See When I query the ACL of an object with CACLS, what does the (OI), (IO), (CI), and (NP) mean?

SharedFolderPerms.bat contains:

@echo off
if exist SharedFolderPerms.log del /q SharedFolderPerms.log
set exclude=Y
set subs=N
if /i \{%1\} EQU \{/$\} set exclude=N
if /i \{%1\} EQU \{/S\} set subs=Y
if /i \{%2\} EQU \{/$\} set exclude=N
if /i \{%2\} EQU \{/S\} set subs=Y
for /f "Tokens=1*" %%a in ('net share ^|FINDSTR /I /L /C:":"') do (
 call :parse1 %%a "%%b"
goto :EOF
set shr=%1
set fld=%2
if "%fld:~2,2%" NEQ ":\" goto :EOF
if "%exclude%" EQU "N" goto parse2
set wrk=%shr:$=%
if "%wrk%" NEQ "%shr%" goto :EOF
set wrk=%fld:  =%
if %wrk% EQU %fld% goto parse4
set /a pos=0
set /a pos=%pos% + 1
call set char=%%fld:~%pos%^,2%%
if "%char%" NEQ "  " goto parse3
call set fld=%%fld:~0,%pos%%%"
set fld=%fld:\"="%
set fld=%fld:\"="%
set /a pos=%pos% - 1
if %pos% EQU 3 call set fld=%fld:~1,2%@echo Share=%shr%,Folder=%fld%>>SharedFolderPerms.log
cacls %fld% >>SharedFolderPerms.log
if "%subs%" EQU "N" goto parse5
for /f "Tokens=*" %%f in ('dir %fld% /b /s /ad') do (
  cacls "%%f" >>SharedFolderPerms.log
@echo ______________________________________>>SharedFolderPerms.log