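# Folder ACL audit: walk a directory tree down to a given depth and report
# every folder whose DACL does not contain the expected "account <> right"
# entry (by default "Administrators <> Full").
#
# Usage: somthing.pl <depth> <start_dir> <log_file>
#   1. depth     - number of folder levels to dig down into
#   2. start_dir - starting point of the search/traversal
#   3. log_file  - path and file name of the output file; a line is appended
#                  for every folder that lacks the group and correct rights
# Quote any path that contains spaces.
#
# The original author saw two lines of errors whenever Win32::Perms and
# File::DirWalk were loaded, so the screen is cleared right after loading.

use strict;
use warnings;

use File::DirWalk;
use Win32::Perms;

# Clear the screen (hides the module load noise described above).
system("cls");

# Change this to search for a different group/right. It is matched as a plain
# substring of the per-folder summary built in getperms().
# NOTE(review): because this is a substring match, any account whose name ends
# in "Administrators" and has Full control also satisfies it. Tighten the
# match if exact account names matter for the audit.
my $REQUIRED_ENTRY = 'Administrators <> Full';

# Ordered table of [ label, decoded-permission sequence ]. The first sequence
# found as a substring of the space-joined output of DecodeMask wins, so the
# order below is significant and mirrors the original if/elsif chain.
# NOTE(review): this relies on DecodeMask emitting the names in exactly this
# order. Confirm against the installed Win32::Perms version.
my @RIGHTS_TABLE = (
    [ 'Full'         => 'STANDARD_RIGHTS_ALL FILE_READ_EA FILE_WRITE_EA FILE_EXECUTE FILE_DELETE_CHILD FILE_READ_ATTRIBUTES FILE_WRITE_ATTRIBUTES' ],
    [ 'Read'         => 'READ_CONTROL SYNCHRONIZE FILE_READ_EA FILE_READ_ATTRIBUTES' ],
    [ 'Write'        => 'SYNCHRONIZE FILE_WRITE_EA FILE_WRITE_ATTRIBUTES' ],
    [ 'Read Write'   => 'READ_CONTROL SYNCHRONIZE FILE_READ_EA FILE_WRITE_EA FILE_READ_ATTRIBUTES FILE_WRITE_ATTRIBUTES' ],
    [ 'Read Execute' => 'READ_CONTROL SYNCHRONIZE FILE_READ_EA FILE_EXECUTE FILE_READ_ATTRIBUTES' ],
    [ 'Modify'       => 'DELETE READ_CONTROL SYNCHRONIZE FILE_READ_EA FILE_WRITE_EA FILE_EXECUTE FILE_READ_ATTRIBUTES FILE_WRITE_ATTRIBUTES' ],
);

# Getting command line arguments
my ($depth, $start_dir, $log_file) = @ARGV;

# Changing the color to regular in the command prompt
system("color 07");

# All three arguments must be present and non-empty, and the depth must be a
# number: it is handed straight to File::DirWalk::setDepth.
my $args_ok = @ARGV >= 3
    && !grep { !defined($_) || length($_) < 1 } ($depth, $start_dir, $log_file);
if ($args_ok) {
    chomp($depth, $start_dir, $log_file);
    $args_ok = $depth =~ m/\A-?\d+\z/ ? 1 : 0;
}

if (!$args_ok) {
    system("color A");
    print "You need to give 3 arguments\n\nThe 1st is the folder depth that you want to search.\n\n";
    print "The 2nd is the path you want to traverse\n\n";
    print "The 3rd is the path and file name for the log file such as c:\\somting_err.txt\n\n";
    print "EXAMPLE somthing.pl 3 t:\\A_Directory \"c:\\program files\\temp\\error log.txt\"\n\n";
    print "REMEMBER to add quotes \" \" to any path if there are any spaces in that path\n\n";
    # Non-zero status so a scheduled run that never audited anything is not
    # mistaken for a clean result.
    exit 1;
}

# Changing the output color
system("color 4e");
print "Folder_Look_For_Admin_Recrus.exe v1.0\n";

# Append one finding to the log file given on the command line.
#   $error - the line to record; a trailing newline is stripped and re-added.
# A log file that cannot be opened or closed is reported on STDERR instead of
# being ignored, so findings are not lost silently. The walk itself continues.
sub ERROR {
    my ($error) = @_;
    chomp($error);

    # Three-argument open with a lexical handle: the path comes from the
    # command line and must never be parsed as part of the open mode.
    if (open(my $log_fh, '>>', $log_file)) {
        # The "lala " prefix is kept so existing log consumers see the same format.
        print {$log_fh} "lala " . $error . "\n";
        close($log_fh) or warn "Could not close log file '$log_file': $!\n";
    }
    else {
        warn "Could not append to log file '$log_file': $!\n";
    }
    return;
}

# Build a one-line summary of the DACL of one folder and report the folder
# when the summary does not contain $REQUIRED_ENTRY.
#   $obj - path of the folder to inspect.
# The summary has the form "path,account <> right,account <> right,...".
# NOTE(review): only the Entry, Mask and Account fields are examined. Whether
# an entry allows or denies access is not checked, so a deny entry with the
# same mask would be summarised the same way. Confirm before relying on the
# result as proof of access.
sub getperms {
    my ($obj) = @_;

    my $perms = Win32::Perms->new($obj);
    unless ($perms) {
        # Presumably the constructor returns a false value when the security
        # descriptor cannot be read. Record the folder instead of aborting.
        my $unreadable = $obj . ",<could not read permissions>";
        ERROR($unreadable);
        print $unreadable . "\n";
        return;
    }

    # Fresh list on every call so entries of a previously visited folder can
    # never be mixed into this folder's summary.
    my @entries;
    $perms->Dump(\@entries);

    my $summary = $obj;
    for my $ace (@entries) {
        next if ($ace->{Entry} ne "DACL");

        my @permissions;
        Win32::Perms::DecodeMask($ace->{Mask}, \@permissions);
        my $decoded = join(" ", @permissions);

        # Anything that matches no known sequence is reported verbatim.
        my $label = "SPECIAL <--> $decoded";
        for my $right (@RIGHTS_TABLE) {
            if (index($decoded, $right->[1]) >= 0) {
                $label = $right->[0];
                last;
            }
        }
        $summary .= ",$ace->{Account} <> $label";
    }

    # Report folders that lack the required group/right.
    if (index($summary, $REQUIRED_ENTRY) < 0) {
        ERROR($summary);
        print $summary . "\n";
    }
    return;
}

# Setting up and executing the directory walk
my $dw = File::DirWalk->new;
$dw->onDirEnter(sub {
    my ($dir) = @_;
    getperms($dir);
    return File::DirWalk::SUCCESS();
});

# Running directory walk
$dw->setDepth($depth);
$dw->walk("$start_dir");

print("\n\nThe End\n\n");
system("color e");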