Current NTFS ACEs Without Inheritance
Summary
How when using the srs.current_ntfs_aces view can I report on the ACEs without inheritance?
Explanation
The srs.current_ntfs_aces view includes a field called ace_flags which is a value mask.
If the bit flag with a value of 16 is present, then the ACE is inherited. Filtering out inherited ACEs is a simple matter of checking that this flag is off.
Code
SELECT * FROM srs.current_ntfs_aces WHERE ace_flags & 16 <> 16Preview Images
Downloads
| Attachment | Size |
|---|---|
| Current NTFS ACES Without Inheritance.zip | 3.38 KB |
Sample Report
| Attachment | Size |
|---|---|
| Current NTFS ACEs without Inheritance.pdf | 75.66 KB |