Reformatting sysinternals accesschk

Kerbje · April 25, 2012, 4:42pm

Hi all,

I'll just start by saying this forum is really great and contains some much information, keep up the good work!

Back to the action: I'm trying to reformat the output of a MS tool (sysinternals) called 'accesschk'. It can be used to generate an overview of directory structures and their permissions.

Tool output example:

c:\Users\Default
  RW NT AUTHORITY\SYSTEM
  RW BUILTIN\Administrators
  R  BUILTIN\Users
  R  Everyone
c:\Users\Test User
  R  Everyone
  RW NT AUTHORITY\SYSTEM
  RW BUILTIN\Administrators

I want to reformat it to a delimited file where each lines contains the folder, followed by the user followed by the permission. Let me reformat the example.

Desired ouput:

c:\Users\Default;NT AUTHORITY\SYSTEM;RW
c:\Users\Default;BUILTIN\Administrators;RW
c:\Users\Default;BUILTIN\Users;R
c:\Users\Default;Everyone;R
c:\Users\Test User;Everyone;R
c:\Users\Test User;NT AUTHORITY\SYSTEM;RW
c:\Users\Test User;BUILTIN\Administrators;RW

I tried this:

awk 'BEGIN{OFS=";"} !/^  / {f=$0} /^  / { print f, $0}' test.txt

This is the logic I used:

If a line does not start with a double space, it contains the folder name, so we store it in a variable f and don't print the line. If the line do starts with a double space, it contains a permission, so print the last folder name we have, a semicolon and the current line.

But it seems it prints the folder name and then overwrites the same line with the current. So this is the output:

;  RW NT AUTHORITY\SYSTEM
;  RW BUILTIN\Administrators
;  R  BUILTIN\Users
;  R  Everyonelt
;  R  EveryoneUser
;  RW NT AUTHORITY\SYSTEM
;  RW BUILTIN\Administrators

If anyone can point me in the right direction, it would make me a happy man!

Thanks in advance.
Kerbje

Corona688 · April 25, 2012, 5:25pm

The 'overwriting line' behavior is probably caused by carriage returns, which return the cursor to the beginning of the line without moving down one line. Text files generated by Windows are full of them.

tr -d '\r' < wingarbage > readabletext

neutronscott · April 25, 2012, 6:06pm

Can also make it a part of your awk program:

awk 'BEGIN{OFS=";"} {sub(/\r$/,"")} !/^  / {f=$0} /^  / {print f, $0}' test.txt

edit:
or use it in RS if you know it is there for certain. gawk/mawk allow regex, RS="\r?\n"

awk 'BEGIN{RS="\r\n";OFS=";"}!/^ /{dir=$0;next} {print dir,substr($0,6),$1}' test.txt

Kerbje · April 25, 2012, 6:42pm

Hmmm ... I should have thought about that myself ...

Thank you for helping me out guys!

This is what I finally did:

awk 'BEGIN{OFS=";"} {sub(/\r$/,"")} !/^  / {f=$0} /^  / {FS=" "; print f, substr($0, index($0,$2)),$1}' test.txt

Which gives me the desired output.

Thank you very much!