Reviewing access on network shares

Posted on 2005-05-03
Last Modified: 2013-12-04
I am currently tasked with reviewing who has access to network shares here. Is there an easy way to audit what users/groups have what access (read, write, modify, full...) to shares? There are shares on several servers here, all of them running Windows Server 2003.
Question by:porkramen
    LVL 4

    Expert Comment


    You could try srvcheck, part of the Windows 2003 resource kit.  It does not, however, display hidden shares.  I no longer have it, but if you can find it, there was an article in the premiere issue of TechNet magazine that covered listing shares and permissions.

    Good Luck!

    Author Comment

    Looks great!

    I have a question though! If I have a share like:


    and the security varies from directory01 to directory02 how do I account for that?
    LVL 82

    Accepted Solution

    Try Sysinternal's ShareEnum (, AccessEnum (, and Somarsoft's DumpSec (
    In general, it's easiest to manage if you set share permissions to Full Control for Everyone in general, then use NTFS permissions to lock down the directories. Share permissions are remnants from file systems that don't support security.
    LVL 9

    Expert Comment

    You could use the native cacls command.  This will display what group or user has access and the level of permission.  For example, from a command prompt, type "cacls c:\*".  
    LVL 18

    Expert Comment

    I use dumpsec which allows auditing of file/folder permissions, users/groups, and some other great things. You get nice reports that can be printed or saved.
    LVL 18

    Expert Comment

    by:luv2smile the thread and saw oBda had already mentioned it. Sorry for the double post!

    Featured Post

    Gigs: Get Your Project Delivered by an Expert

    Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

    Join & Write a Comment

    Suggested Solutions

    No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
    Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
    how to add IIS SMTP to handle application/Scanner relays into office 365.
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now