2

I have two directory trees that are supposedly copies of each other. I need to compare not the contents of files but the permissions on them. Is there a tool that will compare two dir trees but compare the ACLs on files and directories, not the file contents themselves? I am on Windows Server.

DaveBurns
  • 205
  • 1
  • 3
  • 7

2 Answers2

2

This tool may be your best bet http://support.microsoft.com/kb/318754

cpgascho
  • 753
  • 1
  • 9
  • 23
  • Thanks. I think that tool is a building block for what I'm looking for but it doesn't do the compare between two items and output the diffs. – DaveBurns Dec 09 '10 at 21:22
  • 2
    Use xcacls as @cpgascho suggested but send the output to dir1.txt and dir2.txt. Then use winmerge to compare the two text files. – sdanelson Dec 10 '10 at 02:07
  • yes winmerge is a great tool for doing the diff – cpgascho Dec 10 '10 at 15:03
  • Not sure how to score this for props. The best answer is @sdanelson 's above. I ran xcacls on the two trees and then diff'ed output with any diff tool (could be winmerge, could anything else). Thanks! – DaveBurns Feb 05 '11 at 15:32
2

Try to use:

icacls C:\Folder1 /save Folder1_ACL.txt /T
icacls C:\Folder2 /save Folder2_ACL.txt /T

And than put the two output files into a diff software like WinMerge or KDiff. With Windows tools you can run

fc Folder1_ACL.txt Folder2_ACL.txt

You will see the difference acl difference between the two folders.

larkee
  • 191
  • 1
  • 8
  • This stores the ACLs in binary format. Use a text format instead. – leeand00 Apr 16 '15 at 18:15
  • It's not *really* binary. [SDDL](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/f4296d69-1c0f-491f-9587-a960b292d070) is simply a shorthand for writing descriptors and they can be easily compared even in notepad (it's ugly though, undoubtedly). Anyway, the problem with icacls backup is that it just saves DACLs. Ownership and groups/control are skipped. I believe [SetACL](https://helgeklein.com/setacl/examples/managing-file-system-permissions-with-setacl-exe/#example-2-listing-and-backup) should be able to import/export everything at once (also Get-Acl, but ps sucks imho). – mirh Dec 26 '19 at 21:32