'========================================================================== 
' 
' VBScript Source File 
' 
' NAME: CheckNullDacl.vbs 
' 
' AUTHOR: Mike Stephens , Microsoft Corporation 
' DATE  : 7/15/2003 
' 
' COMMENT: 
' 
'========================================================================== 
'  Microsoft provides programming examples for illustration only, without warranty either expressed or 
'  implied, including, but not limited to, the implied warranties of merchantability and/or fitness for a 
'  particular purpose.  This sample assumes that you are familiar with the programming language being 
'  demonstrated and the tools used to create and debug procedures. Microsoft support professionals 
'  can help explain the functionality of a particular procedure, but they will not modify these examples 
'  to provide added functionality or construct procedures to meet your specific needs. 
' =============================================================================

Option Explicit 
Const ADS_PATH_FILE     = 1 
Const ADS_SD_FORMAT_IID = 1 
Const SE_DACL_PRESENT = &h4 
Const Dbg = False 

Dim oArgs : Set oArgs = WScript.Arguments 

If Not (oArgs.Count >= 1) Then  
        WScript.Quit(0) 
End If 

WScript.Echo VbCrLf & "Recursivly searching " & oArgs.Unnamed(0) & " for NULL DACLs..." & vbCr 

SearchSDsInFolder oArgs.Unnamed(0) 
WScript.Echo VbCrLf & "-=[Complete]=-" & VbCrLf 

WScript.Quit(0) 

Sub IsNullDacl(fileArg, bFolder) 
        Dim fso : Set fso = CreateObject("Scripting.FileSystemObject") 
        Dim sdUtil  : Set sdUtil = CreateObject("ADsSecurityUtility") 
        Dim sd :  Set sd = CreateObject("SecurityDescriptor") 
        Dim dacl         

        Dim sdControl, sdObject, DaclAceCount 

        If(bFolder) = False Then  
                If(fso.FileExists(fileArg)) = False Then 
                        Exit Sub 
                Else 
                        Set sdObject = fso.GetFile(fileArg) 
                End If 
        Else 
                If(fso.FolderExists(fileArg)) = False Then 
                        Exit Sub 
                Else 
                        Set sdObject = fso.GetFolder(fileArg) 
                End If 
        End If  

        Set sd = sdUtil.GetSecurityDescriptor( sdObject.Path, ADS_PATH_FILE, ADS_SD_FORMAT_IID)        

        '  Get the SD Control 
        sdControl = sd.Control                

        '  Get the SD DACL  
        Set dacl = sd.DiscretionaryAcl 
        On Error Resume Next 
                DaclAceCount = dacl.AceCount 
                If Err.Number = 424 Then  
                        DaclAceCount = -1 
                        Err.Clear  
                End If  
        On Error GoTo 0 

        If(sdControl And SE_DACL_PRESENT <> SE_DACL_PRESENT) Then  
                WScript.Echo "- Null DACL detected on " & cStr(sdObject.Path) & "." 
                Exit Sub 
        ElseIf(DaclAceCount = -1) Then 
                WScript.Echo "- Null DACL detected on " & cStr(sdObject.Path) & "." 
                Exit Sub 
        Else 
                DebugPrint "Processed " & cStr(sdObject.Path) 
        End If 
End Sub 

Sub SearchSDsInFolder( folderArg) 
        Dim fso : Set fso = CreateObject("Scripting.FileSystemObject") 
        Dim flder, folder, folderCollection 
        Dim file, fileCollection 

        Set flder = fso.GetFolder(folderArg) 

        If(flder.SubFolders.Count > 0) Then  
                Set folderCollection = flder.SubFolders   
                For Each folder In folderCollection 
                        SearchSDsInFolder(folder) 
                Next 
        End If 

        IsNullDacl flder.Path, true 

        Set fileCollection = flder.Files 
        For Each file In fileCollection 
                Dim f : Set f = fso.GetFile(file) 
                IsNullDacl file.Path, False 
        Next
End Sub 

Sub DebugPrint( text) 
        If( Dbg = True) Then  
                WScript.Echo text & vbCr 
        End If 
End Sub