Scripting Effective Permissions

C

Chris Bingham

Hi,

I've got a bit of an issue with permissions and was hoping someone can help
please?
I've got to do an audit of who can access what on our file servers - so
really what every user's effective NTFS permissions are on each share and
it's sub folders. Obviously this would take quite a while to do manually
(~150 users) and I've got zero budget to get any of the nice tools that do
all this for you!
So I was hoping I'd be able to script it, but I can't seem to find any
examples of how to do this...

What I'm after is a way to check what a given user accounts effective
permissions are on a given folder. By 'effective permissions', I mean the
kind of information you'd get from the 'Effective Permissions' tab in Server
2003.
Ideally, I'm also looking to format the output so as to produce a nice
delimited, Excel-friendly, text file.

Does any one know of a way to do this please?
Or even better, does anyone know of a good, free tool for doing this please?

Thanks for any help anyone can give,
Chris
 
J

Jon Holvoet

In case of freeware I can advise two tools for this:

Dumpsec: http://www.somarsoft.com/

SetACL: http://setacl.sourceforge.net/

Last one is more scripting, and syntax can be a bit tricky and complex in
the beginning, but by looking at the examples you should be able to figure
it out. Once you get the hang of this tool it can be a life-saver, or just
very handy to bulk-apply ACL's, report, straighten out your fileserver,
etc...

--

Jon Holvoet
MCSA / MCSE Security
Comptia Security+
CISSP


"Chris Bingham" <ChrisBingham@discussions.microsoft.com> wrote in message
news:FD9A9280-FE1C-45E5-8C2F-CC1F7A44FF6F@microsoft.com...
> Hi,
>
> I've got a bit of an issue with permissions and was hoping someone can
> help
> please?
> I've got to do an audit of who can access what on our file servers - so
> really what every user's effective NTFS permissions are on each share and
> it's sub folders. Obviously this would take quite a while to do manually
> (~150 users) and I've got zero budget to get any of the nice tools that do
> all this for you!
> So I was hoping I'd be able to script it, but I can't seem to find any
> examples of how to do this...
>
> What I'm after is a way to check what a given user accounts effective
> permissions are on a given folder. By 'effective permissions', I mean the
> kind of information you'd get from the 'Effective Permissions' tab in
> Server
> 2003.
> Ideally, I'm also looking to format the output so as to produce a nice
> delimited, Excel-friendly, text file.
>
> Does any one know of a way to do this please?
> Or even better, does anyone know of a good, free tool for doing this
> please?
>
> Thanks for any help anyone can give,
> Chris
 
J

jwgoerlich@gmail.com

Hello Chris,

I ran into the same thing earlier this month. SetACL is great but does
not layout the permissions in quite the way I (or the auditor) wanted.
I ended up writing my own down-and-dirty C# app to do this. It
required the .Net 2 framework, which was already on all of the
servers. If you are interested, I tossed the app with source code up
online:

http://www.beogroup.com/jwgoerlich/AuditFileAcl.zip

The syntax is:
AuditFileAcl.exe /Folder:"data path" /Output:"Where to create the
output file"

For example, to audit the files in a folder on (E:) and write to a
audit xls file:
AuditFileAcl.exe /Folder:"E:\Data Files" /Output:"C:\Audit Files\E-
Files-Audit.xls"

The output it tab delimited. It is cumulative, too, so you can run
multiple audits on a machine and appended them into one output file.
Excel 2003 easily opens this and offers the ability to save to a full-
blown Excel spreadsheet.

Good luck with your audit.

J Wolfgang Goerlich


On Sep 19, 10:52 am, Chris Bingham
<ChrisBing...@discussions.microsoft.com> wrote:
> Hi,
>
> I've got a bit of an issue with permissions and was hoping someone can help
> please?
> I've got to do an audit of who can access what on our file servers - so
> really what every user's effective NTFS permissions are on each share and
> it's sub folders. Obviously this would take quite a while to do manually
> (~150 users) and I've got zero budget to get any of the nice tools that do
> all this for you!
> So I was hoping I'd be able to script it, but I can't seem to find any
> examples of how to do this...
>
> What I'm after is a way to check what a given user accounts effective
> permissions are on a given folder. By 'effective permissions', I mean the
> kind of information you'd get from the 'Effective Permissions' tab in Server
> 2003.
> Ideally, I'm also looking to format the output so as to produce a nice
> delimited, Excel-friendly, text file.
>
> Does any one know of a way to do this please?
> Or even better, does anyone know of a good, free tool for doing this please?
>
> Thanks for any help anyone can give,
> Chris
 
You must log in or register to reply here.

Similar threads

P
How to reset WindowsApps folder permissions in order for Windows 10 programs to work like new
Replies
0
Views
29
pran105336
P
D
How to restore files without losing permissions
Replies
0
Views
22
Default__578
D
S
Unable to give a non Domain Admin access to rename a Computer through delegated permissions
Replies
0
Views
30
Stokesy_889
S
D
Can't take ownership of a folder even though effective access says I have permissions to do it
Replies
0
Views
80
DY4Y
D
S
Desktop Permissions Issue - Windows 10 22H2
Replies
0
Views
46
S_D
S
Back
Top Bottom