
Report All Share Permissions by User in Windows 2008 AD

We have a Microsoft Windows 2008 R2 file server in a Windows 2008 domain.

We serve a large population, and occasionally I am asked "what does Joe User have access to?"

Rather than look at 10,000 folders to figure this out, I'd like a tool to look at 1 server and produce a report of all folders that Joe User can access.

Since file access is based on group membership, the tool would need to query effective permissions -- not just Joe User's account but every group that Joe User belongs to.

Any advice?
1 Solution
Mike Kline commented:
A few tools that you can try out

dumpsec http://www.systemtools.com/somarsoft/index.html

accessenum  http://www.systemtools.com/somarsoft/index.html and shareenum  http://technet.microsoft.com/en-us/sysinternals/bb897442.aspx

...but I don't think they will give you exactly what you want (i.e. enter the name of a user and enumerate only what they have access to in the structure).

I'll let you know if I find something else but try those out.


Chris Dent (PowerShell Developer) commented:

It'll be quite hard work for whatever is doing it. It boils down to this:

1. Get the user and all groups the user belongs to
2. Enumerate every Access Control List to see if that user, or any of the groups, is listed

It's not a tremendous amount of work to code something like that, but it is quite a lot of work for whatever is running it, both in terms of searching a directory tree and enumerating each ACL.
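
The two steps described in the comment above, as an added example that is not part of the original thread or any poster's code. It assumes Windows PowerShell run on the file server by a domain account that can read the folder ACLs; the parameter names and sample values are hypothetical.

```powershell
# Added example, not from the thread. Lists NTFS ACEs (Allow and Deny) naming the user
# or any of the user's groups. Not evaluated: share-level permissions and local groups
# defined on the file server itself.
param(
    [Parameter(Mandatory = $true)][string]$SamAccountName,  # e.g. juser (constructed)
    [Parameter(Mandatory = $true)][string]$Root             # e.g. D:\Shares (constructed)
)
if ($SamAccountName -notmatch '^[\w.-]+$') { throw 'Unexpected characters in account name.' }

function ConvertTo-SidString([byte[]]$Bytes) {
    (New-Object System.Security.Principal.SecurityIdentifier($Bytes, 0)).Value
}

# Step 1: the user's SID plus every group SID, nested groups included.
# tokenGroups is a constructed attribute, so it has to be loaded explicitly.
$hit = ([adsisearcher]"(&(objectCategory=person)(sAMAccountName=$SamAccountName))").FindOne()
if (-not $hit) { throw "User '$SamAccountName' not found in the current domain." }
$user = $hit.GetDirectoryEntry()
$user.psbase.RefreshCache(@('objectSid', 'tokenGroups'))

$sids = @{ 'S-1-1-0' = $true; 'S-1-5-11' = $true }   # Everyone, Authenticated Users
$userSid = $user.psbase.Properties['objectSid'][0]
$sids[(ConvertTo-SidString $userSid)] = $true
foreach ($groupSid in $user.psbase.Properties['tokenGroups']) {
    $sids[(ConvertTo-SidString $groupSid)] = $true
}

# Step 2: walk the tree and keep every ACE whose trustee is in the SID set.
# PSIsContainer is used instead of -Directory so this also runs on PowerShell 2.0.
# Folders that cannot be listed surface as errors rather than being skipped silently.
$folders = @(Get-Item -LiteralPath $Root) +
           @(Get-ChildItem -LiteralPath $Root -Recurse | Where-Object { $_.PSIsContainer })
$sidType = [System.Security.Principal.SecurityIdentifier]
foreach ($folder in $folders) {
    try {
        $rules = $folder.GetAccessControl('Access').GetAccessRules($true, $true, $sidType)
    } catch {
        Write-Warning "Cannot read ACL on $($folder.FullName): $($_.Exception.Message)"
        continue
    }
    foreach ($rule in $rules) {
        if (-not $sids.ContainsKey($rule.IdentityReference.Value)) { continue }
        New-Object PSObject -Property @{
            Path = $folder.FullName; Sid = $rule.IdentityReference.Value
            Type = $rule.AccessControlType; Rights = $rule.FileSystemRights
            Inherited = $rule.IsInherited
        } | Select-Object Path, Sid, Type, Rights, Inherited
    }
}
```

Pipe the output to `Export-Csv` to keep the report. A Deny ACE in the output overrides a matching Allow, so read both types for a folder before concluding what access the user has.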

RPPreacher (Author) commented:
Still looking for a solution.

RPPreacher (Author) commented:
No useful answers.

Question has a verified solution.
