Solved

How to find where rights are inherited from in NTFS

Posted on 2007-11-29
3
396 Views
Last Modified: 2010-04-21
Greetings,
I am trying to find a tool or a way to backtrack inherited rights in an NTFS structure.
Ex: I have a directoy structure like C:\ABC\123\DEF\456.
A group called Test has inherited rights in the 456 directory, but does not exist in the parent directories. So where did it inherit rights from?
Is it possible that it could have once existed in a parent directory and was removed? But if that was the case wouldn't the rights no longer show as inherited?
I once used a simple tool that was able to backtrack the inheritance of security through a directory structure, but I no longer have it and can't remember the name.
Any thoughts?

Thanks
Mark
0
Comment
Question by:mrlevesque
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 85

Accepted Solution

by:
oBdA earned 350 total points
ID: 20376558
That folder probably was *moved* from another folder from which it inherited those permissions earlier on.
When a folder is moved within the same partition, the current ACL is kept, not inherited from the parent folder (which can lead to rather confusing results, as you've just noticed).
The tool I like best for security auditing is Somarsoft's DumpSec (http://www.systemtools.com/somarsoft); then there are Sysinternal's AccessEnum, AccessCheck, and ShareEnum (http://www.microsoft.com/technet/sysinternals/securityutilities.mspx?wt.svl=featured).
0
 
LVL 38

Assisted Solution

by:Shift-3
Shift-3 earned 150 total points
ID: 20377996
You can also right-click the file or folder, hit Properties, go to the Security tab, and click the Advanced button.  This will display where each permission was inherited from.  Any permissions which are explicit on the object will show <not inherited>.

This won't help in a situation where the object was moved and you want to know its original location.  You'd need to enable auditing to track that.
0
 

Author Closing Comment

by:mrlevesque
ID: 31411756
Thank-you both!
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Forefront Threat Management Gateway 2010 or FTMG comes with some very neat troubleshooting tools built-in when trying to identify what is actually happening behind the scenes within the product when traffic is passing through its interfaces. To the …
Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found here: http://www.experts-exchang…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question