Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Report All Share Permissions by User in Windows 2008 AD

Posted on 2010-11-29
4
Medium Priority
?
1,030 Views
Last Modified: 2012-08-13
We have a Microsoft Windows 2008 R2 file server in a Windows 2008 domain.

We serve a large populate and occasionally I am asked "what does Joe User have access to?"

Rather than look at 10,000 folders to figure this out, I'd like a tool to look at 1 server and produce a report of all folders that Joe User can access.

Since file access is based on group membership, the tool would need to query effective permissions -- not just Joe User's account but every group that Joe User belongs to.

Any advice?
0
Comment
Question by:RPPreacher
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34230438
A few tools that you can try out

dumpsec http://www.systemtools.com/somarsoft/index.html

accessenum  http://www.systemtools.com/somarsoft/index.html and shareenum  http://technet.microsoft.com/en-us/sysinternals/bb897442.aspx

...but I don't think they will give you exactly what you want (i.e. enter name of user and enumerate only what they have access to in the structure.

I'll let you know if I find something else but try those out.

Thanks

Mike
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34230470

It'll be quite hard work for whatever is doing it. It boils down to this:

1. Get the user and all groups the user belongs to
2. Enumerate every Access Control List to see if that user, or any of the groups, is listed

It's not a tremendous amount of work to code something like that, but it is quite a lot of work for whatever is running it. Both in terms of searching a directory tree, and enumerating each ACL.

Chris
0
 
LVL 20

Accepted Solution

by:
RPPreacher earned 0 total points
ID: 34337327
Still looking for a solution.
0
 
LVL 20

Author Closing Comment

by:RPPreacher
ID: 34690186
No useful answers.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Suggested Courses

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question