Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Security Matrix for user and group permissions

Posted on 2009-04-07
2
Medium Priority
?
2,370 Views
Last Modified: 2012-05-06
I have been looking for a way to show clients/managers an easy to read visualization of what users belong to what groups and what permissions they have for their folders.

In the past I would just create an excel spreadsheet and update it by hand but it seems there would be an easier way to really show this to someone who may or may not have much technical knowledge.

I am looking for any tools or templates that would allow me to get this information and/or generate a report for a good way to show this.

2003 based file shares with active directory permissions.

0
Comment
Question by:mgthomas0
2 Comments
 
LVL 15

Assisted Solution

by:zelron22
zelron22 earned 150 total points
ID: 24093618
Access Enum and Share Enum will give you what users/groups have permission to what.
http://technet.microsoft.com/en-us/sysinternals/bb545046.aspx

0
 
LVL 18

Accepted Solution

by:
Americom earned 225 total points
ID: 24094159
See if these tools help. The one that you need to pay gives you more option such as report permission in excel, html, and pdf formats etc.

You can use a free tool "SubInACL" from Microsoft:
http://www.microsoft.com/DownLoads/details.aspx?familyid=E8BA3E56-D8FE-4A91-93CF-ED6985E3927B&displaylang=en
SubInACL is a command-line tool that enables administrators to obtain security information about files, registry keys, and services, and transfer this information from user to user, from local or global group to group, and from domain to domain.

http://technet.microsoft.com/en-us/sysinternals/bb664922.aspx
This tool shows you the accesses the user or group you specify has to files, Registry keys or Windows services

or if you want to spend some $ on another product specifically for file server from ScriptLogic:
http://www.scriptlogic.com/products/security-explorer/

Or if you have the more $ to spend, you can get the ESR from ScriptLogic:
http://www.scriptlogic.com/products/enterprisesecurityreporter/
This product is more than just for file/folder permission, it is also to report Active Directory object status etc.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's take a look into the basics of ransomware—how it spreads, how it can hurt us, and why a disaster recovery plan is important.
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question