• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 375
  • Last Modified:

Windows 2003 Server User and Group Account Management Tools and or Built In Methods ?

Are there any third party tools and or built in methods in Windows 2003 server that will give me view of all the directories and files that a user account, group or individual, has access to? I woud like to see what directories, what files and the permissions listed for all.  I am a new Windows 2003 administrator but know the basics, ie.: setting permissions, creating and manageing accounts and so on. I just want a better way to manages multiple users on my servers and a way to better remember who has what permissions.
0
jeingham
Asked:
jeingham
  • 2
1 Solution
 
Rich RumbleSecurity SamuraiCommented:
Do you want to know the NTFS permissions of HD's and or file/folders?
You can use PERMS or the many other utilities here: http://www.microsoft.com/windows2000/techinfo/reskit/tools/ to do that.
You'd have to use this on every machine on your lan to get an accurate account of this information, there is nothing that keeps track of what files/folder users can/cannot have access to- although that would be nice, I've never seen such a tool.
-rich
0
 
jeinghamAuthor Commented:
rich...

Just files and folders I select, recursively of course.

It is good that MS has something to assist in the task of user management. It does surprise me that there are is not a more sophisticated method to track user folder and file access. Looks like  perms.exe does not do a good job with groups and access negation. I suppose that  a tool like that would be great for hacking Perhaps that is the reason it does not exist or is at least not immediately forth coming in any of my searches for such a tool.

I will give perms.exe a try in any case.

Before I accept this as the answer I would like to see if anyone else knows of tool sets along this line.

Thanks

J
0
 
Rich RumbleSecurity SamuraiCommented:
Xcacls I should of mentioned also- it's at the bottom of the list http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/xcacls-o.asp
It can list the NTFS permissions like this:

C:\Program Files\Resource Kit>xcacls.exe "c:\Documents and Settings"
c:\Documents and Settings NT AUTHORITY\SYSTEM:F
                          BUILTIN\Administrators:F
                          BUILTIN\Users:R
                          BUILTIN\Power Users:R
                          Everyone:R
                          NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F
                          BUILTIN\Administrators:(OI)(CI)(IO)F
                          BUILTIN\Users:(OI)(CI)(IO)(special access:)
                                        GENERIC_READ
                                        GENERIC_EXECUTE

                          BUILTIN\Power Users:(OI)(CI)(IO)(special access:)
                                              GENERIC_READ
                                              GENERIC_EXECUTE

                          Everyone:(OI)(CI)(IO)(special access:)
                                   GENERIC_READ
                                   GENERIC_EXECUTE
-rich
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now