Solved

audit file server for individual permissions

Posted on 2011-02-11
5
1,240 Views
Last Modified: 2012-05-11
Experts,

I have a 2003 Windows file server with about 4TB of production data.  The access department would like to find out whether there is a way to do a search of all files and folders on this server for any files or folders with NTFS permissions assigned to individuals rather than security groups.  In order to meet the security guidelines, all network share NTFS permissions have to be assigned to security groups, but a few shares were discovered today where individuals accounts have been assigned permissions to certain folders.  I'm looking for a reporting tool, which will show us if there are shares that have NTFS permissions assigned to individuals rather than security groups.  Any ideas?

Example of security-compliant folder:
Folder A: System, Administrators, SecurityGroupA
Folder B: System, Administrators, SecurityGroupB

Example of non-compliant folder:
Folder A: System, Administrators, John Smith, SecurityGroupA
Folder B: System, Jolie Smith, Administrators, SecurityGroupB
0
Comment
Question by:taki1gostek
  • 2
  • 2
5 Comments
 
LVL 3

Expert Comment

by:BtechB
ID: 34874062
This might help. I haven't tried it but it look like it does the trick. I have been needing this myself and found this recently.

http://gallery.technet.microsoft.com/scriptcenter/405a12f6-fb57-4078-92fc-ff495f3e98be
0
 
LVL 2

Author Comment

by:taki1gostek
ID: 34874160
thanks -- but that's not what i'm looking for (I think)... I need to be able to tell it to skip security groups, skip a few users like builtin\administrator, system, etc..  and just show me files & folders with permissions assigned to individual accounts...  actually skipping security groups would probably be enough, but then again if you have to sift through 4 terabytes of data...  
0
 
LVL 3

Assisted Solution

by:BtechB
BtechB earned 250 total points
ID: 34874564
Take a look at Powershell and Get-ACL command. It will take a little work but with the correct input and output formatting I bet you will get what you want. Here are two useful links.

http://technet.microsoft.com/en-us/library/ee176838.aspx

This thread shows how to do subfolders. It looks like you will need a prepared list.
http://www.scriptinganswers.com/forum2/forum_posts.asp?TID=3128

Sorry this is not a detailed answer but maybe it will put us both on the right track.
0
 
LVL 61

Accepted Solution

by:
btan earned 250 total points
ID: 34877923
Sysinternal has a couple of tool that can do the ACL check
a) AccessChk - If you specify a user or group name and path, AccessChk will report the effective permissions for that account; otherwise it will show the effective access for accounts referenced in the security descriptor. In this case, probably has to script it with the interested security  group - understand not as ideal and automated

@ http://technet.microsoft.com/en-us/sysinternals/bb664922

b) AccessEnum or ShareEnum - both GUI based listing not customisable though  
@ http://technet.microsoft.com/en-us/sysinternals/bb897332
@ http://technet.microsoft.com/en-us/sysinternals/bb897442

Actually there is DumpSec from SomarSec, that is designed to dump security settings into a file or on a screen
@ http://www.systemtools.com/somarsoft/?somarsoft.com

Hyena's Disk and File Administration
@ http://www.systemtools.com/hyena/index.html
image @ http://www.systemtools.com/images/shareview.gif

May not have a straight of the self product....
0
 
LVL 2

Author Closing Comment

by:taki1gostek
ID: 34929055
Hyena will visually give me what I'm looking for... Thanks guys!
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

In this article, I provide some information on storage disks which go into calculations that will help you figure out how much Input/output Operations Per Second (IOPS) your disk subsystem can deliver. To effectively size & tune up applications l…
How to update Firmware and Bios in Dell Equalogic PS6000 Arrays and Hard Disks firmware update.
This video teaches viewers how to encrypt an external drive that requires a password to read and edit the drive. All tasks are done in Disk Utility. Plug in the external drive you wish to encrypt: Make sure all previous data on the drive has been …
This Micro Tutorial will teach you how to reformat your flash drive. Sometimes your flash drive may have issues carrying files so this will completely restore it to manufacturing settings. Make sure to backup all files before reformatting. This w…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now