Solved

How to find where rights are inherited from in NTFS

Posted on 2007-11-29
3
395 Views
Last Modified: 2010-04-21
Greetings,
I am trying to find a tool or a way to backtrack inherited rights in an NTFS structure.
Ex: I have a directoy structure like C:\ABC\123\DEF\456.
A group called Test has inherited rights in the 456 directory, but does not exist in the parent directories. So where did it inherit rights from?
Is it possible that it could have once existed in a parent directory and was removed? But if that was the case wouldn't the rights no longer show as inherited?
I once used a simple tool that was able to backtrack the inheritance of security through a directory structure, but I no longer have it and can't remember the name.
Any thoughts?

Thanks
Mark
0
Comment
Question by:mrlevesque
3 Comments
 
LVL 84

Accepted Solution

by:
oBdA earned 350 total points
ID: 20376558
That folder probably was *moved* from another folder from which it inherited those permissions earlier on.
When a folder is moved within the same partition, the current ACL is kept, not inherited from the parent folder (which can lead to rather confusing results, as you've just noticed).
The tool I like best for security auditing is Somarsoft's DumpSec (http://www.systemtools.com/somarsoft); then there are Sysinternal's AccessEnum, AccessCheck, and ShareEnum (http://www.microsoft.com/technet/sysinternals/securityutilities.mspx?wt.svl=featured).
0
 
LVL 38

Assisted Solution

by:Shift-3
Shift-3 earned 150 total points
ID: 20377996
You can also right-click the file or folder, hit Properties, go to the Security tab, and click the Advanced button.  This will display where each permission was inherited from.  Any permissions which are explicit on the object will show <not inherited>.

This won't help in a situation where the object was moved and you want to know its original location.  You'd need to enable auditing to track that.
0
 

Author Closing Comment

by:mrlevesque
ID: 31411756
Thank-you both!
0

Featured Post

Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The question has been asked on multiple occasions as to how best to do printing in a remote desktop or terminal services environment.   It seems that this particular question has plagued several people and most especially as Terminal Services, as…
Microsoft's ISA Server has been its pre-eminent security product for about a decade and is still regarded amongst the well-informed as one of the best software firewalls and application gateways ever released, by any manufacturer. ISA Server has bee…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question