Solved

Report All Share Permissions by User in Windows 2008 AD

Posted on 2010-11-29
4
1,024 Views
Last Modified: 2012-08-13
We have a Microsoft Windows 2008 R2 file server in a Windows 2008 domain.

We serve a large populate and occasionally I am asked "what does Joe User have access to?"

Rather than look at 10,000 folders to figure this out, I'd like a tool to look at 1 server and produce a report of all folders that Joe User can access.

Since file access is based on group membership, the tool would need to query effective permissions -- not just Joe User's account but every group that Joe User belongs to.

Any advice?
0
Comment
Question by:RPPreacher
  • 2
4 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34230438
A few tools that you can try out

dumpsec http://www.systemtools.com/somarsoft/index.html

accessenum  http://www.systemtools.com/somarsoft/index.html and shareenum  http://technet.microsoft.com/en-us/sysinternals/bb897442.aspx

...but I don't think they will give you exactly what you want (i.e. enter name of user and enumerate only what they have access to in the structure.

I'll let you know if I find something else but try those out.

Thanks

Mike
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34230470

It'll be quite hard work for whatever is doing it. It boils down to this:

1. Get the user and all groups the user belongs to
2. Enumerate every Access Control List to see if that user, or any of the groups, is listed

It's not a tremendous amount of work to code something like that, but it is quite a lot of work for whatever is running it. Both in terms of searching a directory tree, and enumerating each ACL.

Chris
0
 
LVL 20

Accepted Solution

by:
RPPreacher earned 0 total points
ID: 34337327
Still looking for a solution.
0
 
LVL 20

Author Closing Comment

by:RPPreacher
ID: 34690186
No useful answers.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now