Solved

NTFS permissions audit - expanding group membership

Posted on 2009-05-14
3
753 Views
Last Modified: 2012-05-07
How do I audit NTFS permissions on a file server so that groups are expanded to show all users who have access?
I need to submit a report to HR of who has access to each folder on our file server. Users are assigned to groups which are given permissions on individual NTFS objects. But I need a report which expands to show the users per object.
0
Comment
Question by:HobartSmelter
3 Comments
 
LVL 49

Expert Comment

by:Akhater
ID: 24392598
Auditing will actually show you the user that accessed the file not the group


1) Enable Audit of object access on your file server (or where you have the files to be audited) enable success or failure depending on what you need
2) go to the folder of file you want to audit right click -> properties -> security -> advanced -> auditing
3) set your audit requirements
0
 
LVL 15

Accepted Solution

by:
Rob Stone earned 500 total points
ID: 24393788
You can get this information a few ways although I don't enjoy your task here!

DumpACL has a trial version usage which will put all the groups against share in a nice report for you.  It may have an option for users but I don't know as I never needed that.

To resolve members of groups you can use a mix of dsquery and dsget.  Both have plenty of options and a few examples are in the syntax help.
0
 

Author Closing Comment

by:HobartSmelter
ID: 31581765
Thanks Stoner, after a bit of trial and error we ended up using the Microsoft AccessChk with a few batch scripts to get the info we needed.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now