Using only standard commands, I have scripted SharedFolderPerms.bat to report the NTFS folder permissions on a computer's shared folders.

The syntax for using SharedFolderPerms.bat is:

SharedFolderPerms \[/$\] \[/S\]

Where /$ is an optional parameter that will enumerate hidden shares, and /S is an optional parameter that will report sub-folder permissions.

The report is generated in a SharedFolderPerms.log file which is created in the current folder.

NOTE: See When I query the ACL of an object with CACLS, what does the (OI), (IO), (CI), and (NP) mean?

SharedFolderPerms.bat contains:

                              @echo off                              setlocal                              if exist SharedFolderPerms.log del /q SharedFolderPerms.log                              set exclude=Y                              set subs=N                              if /i \{%1\} EQU \{/$\} set exclude=N                              if /i \{%1\} EQU \{/S\} set subs=Y                              if /i \{%2\} EQU \{/$\} set exclude=N                              if /i \{%2\} EQU \{/S\} set subs=Y                              for /f "Tokens=1*" %%a in ('net share ^|FINDSTR /I /L /C:":"') do (                               call :parse1 %%a "%%b"                              )                              endlocal                              goto :EOF                              :parse1                              set shr=%1                              set fld=%2                              if "%fld:~2,2%" NEQ ":\" goto :EOF                              if "%exclude%" EQU "N" goto parse2                              set wrk=%shr:$=%                              if "%wrk%" NEQ "%shr%" goto :EOF                              :parse2                               set wrk=%fld:  =%                              if %wrk% EQU %fld% goto parse4                              set /a pos=0                              :parse3                              set /a pos=%pos% + 1                              call set char=%%fld:~%pos%^,2%%                              if "%char%" NEQ "  " goto parse3                              call set fld=%%fld:~0,%pos%%%"                              set fld=%fld:\"="%                              :parse4                              set fld=%fld:\"="%                              set /a pos=%pos% - 1                              if %pos% EQU 3 call set fld=%fld:~1,2%@echo Share=%shr%,Folder=%fld%>>SharedFolderPerms.log                              cacls %fld% >>SharedFolderPerms.log                              if "%subs%" EQU "N" goto parse5                              for /f "Tokens=*" %%f in ('dir %fld% /b /s /ad') do (                                cacls "%%f" >>SharedFolderPerms.log                              )                              :parse5                              @echo ______________________________________>>SharedFolderPerms.log