audit file server for individual permissions
Experts,
I have a 2003 Windows file server with about 4TB of production data. The access department would like to find out whether there is a way to do a search of all files and folders on this server for any files or folders with NTFS permissions assigned to individuals rather than security groups. In order to meet the security guidelines, all network share NTFS permissions have to be assigned to security groups, but a few shares were discovered today where individuals accounts have been assigned permissions to certain folders. I'm looking for a reporting tool, which will show us if there are shares that have NTFS permissions assigned to individuals rather than security groups. Any ideas?
Example of security-compliant folder:
Folder A: System, Administrators, SecurityGroupA
Folder B: System, Administrators, SecurityGroupB
Example of non-compliant folder:
Folder A: System, Administrators, John Smith, SecurityGroupA
Folder B: System, Jolie Smith, Administrators, SecurityGroupB
I have a 2003 Windows file server with about 4TB of production data. The access department would like to find out whether there is a way to do a search of all files and folders on this server for any files or folders with NTFS permissions assigned to individuals rather than security groups. In order to meet the security guidelines, all network share NTFS permissions have to be assigned to security groups, but a few shares were discovered today where individuals accounts have been assigned permissions to certain folders. I'm looking for a reporting tool, which will show us if there are shares that have NTFS permissions assigned to individuals rather than security groups. Any ideas?
Example of security-compliant folder:
Folder A: System, Administrators, SecurityGroupA
Folder B: System, Administrators, SecurityGroupB
Example of non-compliant folder:
Folder A: System, Administrators, John Smith, SecurityGroupA
Folder B: System, Jolie Smith, Administrators, SecurityGroupB
ASKER
thanks -- but that's not what i'm looking for (I think)... I need to be able to tell it to skip security groups, skip a few users like builtin\administrator, system, etc.. and just show me files & folders with permissions assigned to individual accounts... actually skipping security groups would probably be enough, but then again if you have to sift through 4 terabytes of data...
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hyena will visually give me what I'm looking for... Thanks guys!
http://gallery.technet.microsoft.com/scriptcenter/405a12f6-fb57-4078-92fc-ff495f3e98be