Solved

How to scan NTFS permissions of an entire directory

Posted on 2009-07-01
2
1,369 Views
Last Modified: 2013-12-04
I have a folder on my companies file server. The folder has 46,878 files & 6,526 folders. I need to run a report that will list out the NTFS permisions for every object (files and folders) located under this parent folder.

I was told about a microsoft tool 'xcacls.vbs' that will run a report for me, but I can only seem to get it to work on one folder at a time. I am unable to get it the tool to traverse the directory and pull results from all of the subdirectories and files.

Does anyone know how to use this tool to pull a report that I need or perhaps another tool that can get the job done?

Thanks!!!
0
Comment
Question by:dowhatyoudo22
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 84

Accepted Solution

by:
oBdA earned 500 total points
ID: 24754889
You need /t to traverse subdirectories.
But if you want a more concise list, check this from SystemTools/Somarsoft (my favorite tool):
DumpSec (http://www.systemtools.com/somarsoft)
Install the download on an XP machine, uncheck "Hyena"; you can then copy DumpSec.exe and the help file to where you want.
You'll get the most concise report possible when you go to Report > Permission Reports Options, check only "Show Permissions", and set the radio button to "Show directories (but not files) whose permissions differ ...".
Showing the owner will create a lot of entries nobody actually cares about when all you want is an NTFS permission report, and file permissions usually aren't that interesting, either.

Or these tools from Sysinternals:
AccessEnum (http://technet.microsoft.com/en-us/sysinternals/bb897332.aspx)
AccessChk (http://technet.microsoft.com/en-us/sysinternals/bb664922.aspx)
ShareEnum (http://technet.microsoft.com/en-us/sysinternals/bb897442.aspx)
Or this one from Scriptlogic:
Security Explorer (http://www.scriptlogic.com/products/securityexplorer/)
0
 
LVL 2

Expert Comment

by:cincytopher
ID: 24754926
We also use DumpSec and it works great.
0

Featured Post

Space-Age Communications Transitions to DevOps

ViaSat, a global provider of satellite and wireless communications, securely connects businesses, governments, and organizations to the Internet. Learn how ViaSat’s Network Solutions Engineer, drove the transition from a traditional network support to a DevOps-centric model.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Learn about cloud computing and its benefits for small business owners.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question