We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now

x

Security to folders

badams31
badams31 asked
on
Medium Priority
446 Views
Last Modified: 2010-04-11
I’m looking for a way to see what folders a specific user has permission to access.
Active Directory shows what security groups a user belongs to by looking at the ‘member of’ tab but this doesn’t show any individual folders that the user has been given access to.

I found a piece of software called security explorer that will drill down and show any folder on any network drive that the user has permissions to but it comes at a price of $500. Before I ask for the company check book, I thought I would pose the question to see if anybody else had a solution (cheap or free would be wonderful!)
Comment
Watch Question

Hi,
a method I use frequently is to run a check on all shared folders on a server with Dumpacl: http://www.somarsoft.com/
It is free and really useful and easy to use.

Commented:
This is really bugging me, you do not need to pay $500 bucks for this functionality. I know vbscript can accomplish this pretty easily, I just can't seem to find a prewritten script for you.
Phil RineOwner

Commented:
You could simply go to the specific folder and right click on it a nd go to properties.  On the security tab you will see what groups and/or individuals have been given permission and what type of permission they have.  Of course you can manage all of this through group policy.
Phil

Commented:
I think this guy wants to be able to type in a username, and see which folders that user could access, read, write, or etc. This way he can verify he hasn't accidently given them permisiions to a folder they shouldn't have. I dont know how big his network is, but when you deal with over 1500 users and some 246 gigs of excel files, databases, and other crap it can get overwhelming. Espically if you work for one of these places that is constantly moving people from one project to another, blah, blah. My final point is if badams31 cant find a soultion from one of these posts, I bet I could slap together a script for him. Let me know, cause I'm not going to do it unless you absoultely can't find another solution.
Phil RineOwner

Commented:
kamichie...You make a very good point.  I wasn't considering the scope of his network and number of users.
Phil

Author

Commented:
Kamichie, you are right on as to what i want to do... a script would be PERFECT.
Commented:
This would work, but it would be a bit messy

Open a command prompt window

CD to the root of the tree you want to search

execute this command:

cacls *.* /T > permissions.txt

The result appears in the file permissions.txt, and it looks like this:

---------------------------------------------------------------
E:\Documents and Settings\Sam\Desktop\temp1\New Folder SAMP4\Sam:F
                                                       SAMP4\Sam:(OI)(CI)(IO)F
                                                       NT AUTHORITY\SYSTEM:F
                                                       NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F
                                                       BUILTIN\Administrators:F
                                                       BUILTIN\Administrators:(OI)(CI)(IO)F

E:\Documents and Settings\Sam\Desktop\temp1\New Text Document.txt SAMP4\Waldo:R
                                                                  SAMP4\Sam:F
                                                                  NT AUTHORITY\SYSTEM:F
                                                                  BUILTIN\Administrators:F

E:\Documents and Settings\Sam\Desktop\temp1\permissions.txt SAMP4\Sam:F
                                                            NT AUTHORITY\SYSTEM:F
                                                            BUILTIN\Administrators:F

E:\Documents and Settings\Sam\Desktop\temp1\New Folder\New Text Document.txt SAMP4\Waldo:R
                                                                             SAMP4\Sam:F
                                                                             NT AUTHORITY\SYSTEM:F
                                                                             BUILTIN\Administrators:F

----------------------------------------------------------------------------------------------------
Now all you have to do is find all occurrences of the name you want in that list, plus all other names that include that person (such as Everyone and Authenticated Users).  If it's a large list, I'd import it into Excel and use string functions to find them.


Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Commented:
You could use the following tool from SysInternals:

"There's no built-in way to quickly view user accesses to a tree of directories or keys. AccessEnum gives you a full view of your file system and Registry security settings in seconds, making it the ideal tool for helping you for security holes and lock down permissions where necessary. "

http://www.sysinternals.com/Utilities/AccessEnum.html

Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.