Solved

audit file server for individual permissions

Posted on 2011-02-11
5
1,245 Views
Last Modified: 2012-05-11
Experts,

I have a 2003 Windows file server with about 4TB of production data.  The access department would like to find out whether there is a way to do a search of all files and folders on this server for any files or folders with NTFS permissions assigned to individuals rather than security groups.  In order to meet the security guidelines, all network share NTFS permissions have to be assigned to security groups, but a few shares were discovered today where individuals accounts have been assigned permissions to certain folders.  I'm looking for a reporting tool, which will show us if there are shares that have NTFS permissions assigned to individuals rather than security groups.  Any ideas?

Example of security-compliant folder:
Folder A: System, Administrators, SecurityGroupA
Folder B: System, Administrators, SecurityGroupB

Example of non-compliant folder:
Folder A: System, Administrators, John Smith, SecurityGroupA
Folder B: System, Jolie Smith, Administrators, SecurityGroupB
0
Comment
Question by:taki1gostek
  • 2
  • 2
5 Comments
 
LVL 3

Expert Comment

by:BtechB
ID: 34874062
This might help. I haven't tried it but it look like it does the trick. I have been needing this myself and found this recently.

http://gallery.technet.microsoft.com/scriptcenter/405a12f6-fb57-4078-92fc-ff495f3e98be
0
 
LVL 2

Author Comment

by:taki1gostek
ID: 34874160
thanks -- but that's not what i'm looking for (I think)... I need to be able to tell it to skip security groups, skip a few users like builtin\administrator, system, etc..  and just show me files & folders with permissions assigned to individual accounts...  actually skipping security groups would probably be enough, but then again if you have to sift through 4 terabytes of data...  
0
 
LVL 3

Assisted Solution

by:BtechB
BtechB earned 250 total points
ID: 34874564
Take a look at Powershell and Get-ACL command. It will take a little work but with the correct input and output formatting I bet you will get what you want. Here are two useful links.

http://technet.microsoft.com/en-us/library/ee176838.aspx

This thread shows how to do subfolders. It looks like you will need a prepared list.
http://www.scriptinganswers.com/forum2/forum_posts.asp?TID=3128

Sorry this is not a detailed answer but maybe it will put us both on the right track.
0
 
LVL 62

Accepted Solution

by:
btan earned 250 total points
ID: 34877923
Sysinternal has a couple of tool that can do the ACL check
a) AccessChk - If you specify a user or group name and path, AccessChk will report the effective permissions for that account; otherwise it will show the effective access for accounts referenced in the security descriptor. In this case, probably has to script it with the interested security  group - understand not as ideal and automated

@ http://technet.microsoft.com/en-us/sysinternals/bb664922

b) AccessEnum or ShareEnum - both GUI based listing not customisable though  
@ http://technet.microsoft.com/en-us/sysinternals/bb897332
@ http://technet.microsoft.com/en-us/sysinternals/bb897442

Actually there is DumpSec from SomarSec, that is designed to dump security settings into a file or on a screen
@ http://www.systemtools.com/somarsoft/?somarsoft.com

Hyena's Disk and File Administration
@ http://www.systemtools.com/hyena/index.html
image @ http://www.systemtools.com/images/shareview.gif

May not have a straight of the self product....
0
 
LVL 2

Author Closing Comment

by:taki1gostek
ID: 34929055
Hyena will visually give me what I'm looking for... Thanks guys!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Lets start to have a small explanation what is VAAI(vStorage API for Array Integration ) and what are the benefits using it. VAAI is an API framework in VMware that enable some Storage tasks. It first presented in ESXi 4.1, but only after 5.x sup…
Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
This Micro Tutorial will teach you how to reformat your flash drive. Sometimes your flash drive may have issues carrying files so this will completely restore it to manufacturing settings. Make sure to backup all files before reformatting. This w…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question