• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 429
  • Last Modified:

Security to folders

I’m looking for a way to see what folders a specific user has permission to access.
Active Directory shows what security groups a user belongs to by looking at the ‘member of’ tab but this doesn’t show any individual folders that the user has been given access to.

I found a piece of software called security explorer that will drill down and show any folder on any network drive that the user has permissions to but it comes at a price of $500. Before I ask for the company check book, I thought I would pose the question to see if anybody else had a solution (cheap or free would be wonderful!)
0
badams31
Asked:
badams31
1 Solution
 
elbereth21Commented:
Hi,
a method I use frequently is to run a check on all shared folders on a server with Dumpacl: http://www.somarsoft.com/
It is free and really useful and easy to use.
0
 
kamichieCommented:
This is really bugging me, you do not need to pay $500 bucks for this functionality. I know vbscript can accomplish this pretty easily, I just can't seem to find a prewritten script for you.
0
 
PhilR714Commented:
You could simply go to the specific folder and right click on it a nd go to properties.  On the security tab you will see what groups and/or individuals have been given permission and what type of permission they have.  Of course you can manage all of this through group policy.
Phil
0
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

 
kamichieCommented:
I think this guy wants to be able to type in a username, and see which folders that user could access, read, write, or etc. This way he can verify he hasn't accidently given them permisiions to a folder they shouldn't have. I dont know how big his network is, but when you deal with over 1500 users and some 246 gigs of excel files, databases, and other crap it can get overwhelming. Espically if you work for one of these places that is constantly moving people from one project to another, blah, blah. My final point is if badams31 cant find a soultion from one of these posts, I bet I could slap together a script for him. Let me know, cause I'm not going to do it unless you absoultely can't find another solution.
0
 
PhilR714Commented:
kamichie...You make a very good point.  I wasn't considering the scope of his network and number of users.
Phil
0
 
badams31Author Commented:
Kamichie, you are right on as to what i want to do... a script would be PERFECT.
0
 
samb39Commented:
This would work, but it would be a bit messy

Open a command prompt window

CD to the root of the tree you want to search

execute this command:

cacls *.* /T > permissions.txt

The result appears in the file permissions.txt, and it looks like this:

---------------------------------------------------------------
E:\Documents and Settings\Sam\Desktop\temp1\New Folder SAMP4\Sam:F
                                                       SAMP4\Sam:(OI)(CI)(IO)F
                                                       NT AUTHORITY\SYSTEM:F
                                                       NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F
                                                       BUILTIN\Administrators:F
                                                       BUILTIN\Administrators:(OI)(CI)(IO)F

E:\Documents and Settings\Sam\Desktop\temp1\New Text Document.txt SAMP4\Waldo:R
                                                                  SAMP4\Sam:F
                                                                  NT AUTHORITY\SYSTEM:F
                                                                  BUILTIN\Administrators:F

E:\Documents and Settings\Sam\Desktop\temp1\permissions.txt SAMP4\Sam:F
                                                            NT AUTHORITY\SYSTEM:F
                                                            BUILTIN\Administrators:F

E:\Documents and Settings\Sam\Desktop\temp1\New Folder\New Text Document.txt SAMP4\Waldo:R
                                                                             SAMP4\Sam:F
                                                                             NT AUTHORITY\SYSTEM:F
                                                                             BUILTIN\Administrators:F

----------------------------------------------------------------------------------------------------
Now all you have to do is find all occurrences of the name you want in that list, plus all other names that include that person (such as Everyone and Authenticated Users).  If it's a large list, I'd import it into Excel and use string functions to find them.


0
 
enwhyseeCommented:
You could use the following tool from SysInternals:

"There's no built-in way to quickly view user accesses to a tree of directories or keys. AccessEnum gives you a full view of your file system and Registry security settings in seconds, making it the ideal tool for helping you for security holes and lock down permissions where necessary. "

http://www.sysinternals.com/Utilities/AccessEnum.html

0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now