Solved

NTFS permissions audit - expanding group membership

Posted on 2009-05-14
3
756 Views
Last Modified: 2012-05-07
How do I audit NTFS permissions on a file server so that groups are expanded to show all users who have access?
I need to submit a report to HR of who has access to each folder on our file server. Users are assigned to groups which are given permissions on individual NTFS objects. But I need a report which expands to show the users per object.
0
Comment
Question by:HobartSmelter
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 49

Expert Comment

by:Akhater
ID: 24392598
Auditing will actually show you the user that accessed the file not the group


1) Enable Audit of object access on your file server (or where you have the files to be audited) enable success or failure depending on what you need
2) go to the folder of file you want to audit right click -> properties -> security -> advanced -> auditing
3) set your audit requirements
0
 
LVL 15

Accepted Solution

by:
Rob Stone earned 500 total points
ID: 24393788
You can get this information a few ways although I don't enjoy your task here!

DumpACL has a trial version usage which will put all the groups against share in a nice report for you.  It may have an option for users but I don't know as I never needed that.

To resolve members of groups you can use a mix of dsquery and dsget.  Both have plenty of options and a few examples are in the syntax help.
0
 

Author Closing Comment

by:HobartSmelter
ID: 31581765
Thanks Stoner, after a bit of trial and error we ended up using the Microsoft AccessChk with a few batch scripts to get the info we needed.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question