Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

How to find where rights are inherited from in NTFS

Posted on 2007-11-29
3
394 Views
Last Modified: 2010-04-21
Greetings,
I am trying to find a tool or a way to backtrack inherited rights in an NTFS structure.
Ex: I have a directoy structure like C:\ABC\123\DEF\456.
A group called Test has inherited rights in the 456 directory, but does not exist in the parent directories. So where did it inherit rights from?
Is it possible that it could have once existed in a parent directory and was removed? But if that was the case wouldn't the rights no longer show as inherited?
I once used a simple tool that was able to backtrack the inheritance of security through a directory structure, but I no longer have it and can't remember the name.
Any thoughts?

Thanks
Mark
0
Comment
Question by:mrlevesque
3 Comments
 
LVL 84

Accepted Solution

by:
oBdA earned 350 total points
ID: 20376558
That folder probably was *moved* from another folder from which it inherited those permissions earlier on.
When a folder is moved within the same partition, the current ACL is kept, not inherited from the parent folder (which can lead to rather confusing results, as you've just noticed).
The tool I like best for security auditing is Somarsoft's DumpSec (http://www.systemtools.com/somarsoft); then there are Sysinternal's AccessEnum, AccessCheck, and ShareEnum (http://www.microsoft.com/technet/sysinternals/securityutilities.mspx?wt.svl=featured).
0
 
LVL 38

Assisted Solution

by:Shift-3
Shift-3 earned 150 total points
ID: 20377996
You can also right-click the file or folder, hit Properties, go to the Security tab, and click the Advanced button.  This will display where each permission was inherited from.  Any permissions which are explicit on the object will show <not inherited>.

This won't help in a situation where the object was moved and you want to know its original location.  You'd need to enable auditing to track that.
0
 

Author Closing Comment

by:mrlevesque
ID: 31411756
Thank-you both!
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

My previous article  (http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/A_4466-A-beginners-guide-to-installing-SCCM2007-on-Windows-2008-R2-Server.html)detailed one possible method to get SCCM 2007 installed an…
Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip is around source server preparation. No migration is an easy migration, there is a…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question