NTFS permissions audit - expanding group membership

How do I audit NTFS permissions on a file server so that groups are expanded to show all users who have access?
I need to submit a report to HR of who has access to each folder on our file server. Users are assigned to groups which are given permissions on individual NTFS objects. But I need a report which expands to show the users per object.
HobartSmelterAsked:
Who is Participating?
 
Rob StoneConnect With a Mentor Commented:
You can get this information a few ways although I don't enjoy your task here!

DumpACL has a trial version usage which will put all the groups against share in a nice report for you.  It may have an option for users but I don't know as I never needed that.

To resolve members of groups you can use a mix of dsquery and dsget.  Both have plenty of options and a few examples are in the syntax help.
0
 
AkhaterCommented:
Auditing will actually show you the user that accessed the file not the group


1) Enable Audit of object access on your file server (or where you have the files to be audited) enable success or failure depending on what you need
2) go to the folder of file you want to audit right click -> properties -> security -> advanced -> auditing
3) set your audit requirements
0
 
HobartSmelterAuthor Commented:
Thanks Stoner, after a bit of trial and error we ended up using the Microsoft AccessChk with a few batch scripts to get the info we needed.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.