Windows 2003 Server User and Group Account Management Tools and or Built In Methods ?

Are there any third party tools and or built in methods in Windows 2003 server that will give me view of all the directories and files that a user account, group or individual, has access to? I woud like to see what directories, what files and the permissions listed for all.  I am a new Windows 2003 administrator but know the basics, ie.: setting permissions, creating and manageing accounts and so on. I just want a better way to manages multiple users on my servers and a way to better remember who has what permissions.
jeinghamAsked:
Who is Participating?
 
Rich RumbleSecurity SamuraiCommented:
Xcacls I should of mentioned also- it's at the bottom of the list http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/xcacls-o.asp
It can list the NTFS permissions like this:

C:\Program Files\Resource Kit>xcacls.exe "c:\Documents and Settings"
c:\Documents and Settings NT AUTHORITY\SYSTEM:F
                          BUILTIN\Administrators:F
                          BUILTIN\Users:R
                          BUILTIN\Power Users:R
                          Everyone:R
                          NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F
                          BUILTIN\Administrators:(OI)(CI)(IO)F
                          BUILTIN\Users:(OI)(CI)(IO)(special access:)
                                        GENERIC_READ
                                        GENERIC_EXECUTE

                          BUILTIN\Power Users:(OI)(CI)(IO)(special access:)
                                              GENERIC_READ
                                              GENERIC_EXECUTE

                          Everyone:(OI)(CI)(IO)(special access:)
                                   GENERIC_READ
                                   GENERIC_EXECUTE
-rich
0
 
Rich RumbleSecurity SamuraiCommented:
Do you want to know the NTFS permissions of HD's and or file/folders?
You can use PERMS or the many other utilities here: http://www.microsoft.com/windows2000/techinfo/reskit/tools/ to do that.
You'd have to use this on every machine on your lan to get an accurate account of this information, there is nothing that keeps track of what files/folder users can/cannot have access to- although that would be nice, I've never seen such a tool.
-rich
0
 
jeinghamAuthor Commented:
rich...

Just files and folders I select, recursively of course.

It is good that MS has something to assist in the task of user management. It does surprise me that there are is not a more sophisticated method to track user folder and file access. Looks like  perms.exe does not do a good job with groups and access negation. I suppose that  a tool like that would be great for hacking Perhaps that is the reason it does not exist or is at least not immediately forth coming in any of my searches for such a tool.

I will give perms.exe a try in any case.

Before I accept this as the answer I would like to see if anyone else knows of tool sets along this line.

Thanks

J
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.