Solved

Report All Share Permissions by User in Windows 2008 AD

Posted on 2010-11-29
Last Modified: 2012-08-13
We have a Microsoft Windows 2008 R2 file server in a Windows 2008 domain.

We serve a large population and occasionally I am asked "what does Joe User have access to?"

Rather than look at 10,000 folders to figure this out, I'd like a tool to look at 1 server and produce a report of all folders that Joe User can access.

Since file access is based on group membership, the tool would need to query effective permissions -- not just Joe User's account but every group that Joe User belongs to.

Any advice?
Question by:RPPreacher
4 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34230438
A few tools that you can try out

dumpsec http://www.systemtools.com/somarsoft/index.html

accessenum  http://www.systemtools.com/somarsoft/index.html and shareenum  http://technet.microsoft.com/en-us/sysinternals/bb897442.aspx

...but I don't think they will give you exactly what you want (i.e. enter name of user and enumerate only what they have access to in the structure).

I'll let you know if I find something else but try those out.

Thanks

Mike
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34230470

It'll be quite hard work for whatever is doing it. It boils down to this:

1. Get the user and all groups the user belongs to
2. Enumerate every Access Control List to see if that user, or any of the groups, is listed

It's not a tremendous amount of work to code something like that, but it is quite a lot of work for whatever is running it. Both in terms of searching a directory tree, and enumerating each ACL.

Chris
0
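
The two steps described in the comment above, as an added PowerShell example (not code from the thread or from any poster). It assumes PowerShell 3.0 or later on a domain-joined host and an account that can read the folder ACLs; the UPN `joe.user@example.com`, the root `D:\Shares` and the output file name are placeholders.

```powershell
# Added example: list folder ACL entries that apply to one user, directly or via groups.
# Assumptions: PowerShell 3.0+, domain-joined host, caller can read the ACLs.
# 'joe.user@example.com' and 'D:\Shares' are placeholder values.
param(
    [string]$UserPrincipalName = 'joe.user@example.com',
    [string]$Root = 'D:\Shares'
)

# Step 1: the user's SID plus the SID of every group in the user's token
# (nested groups included). The UPN constructor needs no password.
$identity = New-Object System.Security.Principal.WindowsIdentity($UserPrincipalName)
$sids = New-Object 'System.Collections.Generic.HashSet[string]'
[void]$sids.Add($identity.User.Value)
foreach ($g in $identity.Groups) { [void]$sids.Add($g.Value) }

# Step 2: walk the tree and test every ACE against that SID set.
$sidType = [System.Security.Principal.SecurityIdentifier]
$folders = @(Get-Item -LiteralPath $Root) +
           @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -ErrorAction SilentlyContinue)

$report = foreach ($folder in $folders) {
    try { $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop }
    catch { Write-Warning "Cannot read ACL: $($folder.FullName)"; continue }

    # Explicit and inherited ACEs, with identities returned as SIDs.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if (-not $sids.Contains($ace.IdentityReference.Value)) { continue }
        # Resolve the SID to a name for the report; keep the SID if it cannot be resolved.
        try { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $ace.IdentityReference.Value }
        [pscustomobject]@{
            Folder    = $folder.FullName
            GrantedTo = $name
            Type      = $ace.AccessControlType   # Allow or Deny
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

# Matching ACEs only: Deny precedence and share-level permissions are not combined here.
$report | Export-Csv -Path .\acl-report.csv -NoTypeInformation
```

Filtering the CSV on `Inherited = False` shows only the folders where access for the user or one of their groups is set explicitly.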
 
LVL 20

Accepted Solution

by:
RPPreacher earned 0 total points
ID: 34337327
Still looking for a solution.
0
 
LVL 20

Author Closing Comment

by:RPPreacher
ID: 34690186
No useful answers.
0
