[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

audit file server for individual permissions

Posted on 2011-02-11
5
Medium Priority
?
1,267 Views
Last Modified: 2012-05-11
Experts,

I have a 2003 Windows file server with about 4TB of production data.  The access department would like to find out whether there is a way to do a search of all files and folders on this server for any files or folders with NTFS permissions assigned to individuals rather than security groups.  In order to meet the security guidelines, all network share NTFS permissions have to be assigned to security groups, but a few shares were discovered today where individuals accounts have been assigned permissions to certain folders.  I'm looking for a reporting tool, which will show us if there are shares that have NTFS permissions assigned to individuals rather than security groups.  Any ideas?

Example of security-compliant folder:
Folder A: System, Administrators, SecurityGroupA
Folder B: System, Administrators, SecurityGroupB

Example of non-compliant folder:
Folder A: System, Administrators, John Smith, SecurityGroupA
Folder B: System, Jolie Smith, Administrators, SecurityGroupB
0
Comment
Question by:taki1gostek
  • 2
  • 2
5 Comments
 
LVL 3

Expert Comment

by:BtechB
ID: 34874062
This might help. I haven't tried it but it look like it does the trick. I have been needing this myself and found this recently.

http://gallery.technet.microsoft.com/scriptcenter/405a12f6-fb57-4078-92fc-ff495f3e98be
0
 
LVL 2

Author Comment

by:taki1gostek
ID: 34874160
thanks -- but that's not what i'm looking for (I think)... I need to be able to tell it to skip security groups, skip a few users like builtin\administrator, system, etc..  and just show me files & folders with permissions assigned to individual accounts...  actually skipping security groups would probably be enough, but then again if you have to sift through 4 terabytes of data...  
0
 
LVL 3

Assisted Solution

by:BtechB
BtechB earned 1000 total points
ID: 34874564
Take a look at Powershell and Get-ACL command. It will take a little work but with the correct input and output formatting I bet you will get what you want. Here are two useful links.

http://technet.microsoft.com/en-us/library/ee176838.aspx

This thread shows how to do subfolders. It looks like you will need a prepared list.
http://www.scriptinganswers.com/forum2/forum_posts.asp?TID=3128

Sorry this is not a detailed answer but maybe it will put us both on the right track.
0
 
LVL 66

Accepted Solution

by:
btan earned 1000 total points
ID: 34877923
Sysinternal has a couple of tool that can do the ACL check
a) AccessChk - If you specify a user or group name and path, AccessChk will report the effective permissions for that account; otherwise it will show the effective access for accounts referenced in the security descriptor. In this case, probably has to script it with the interested security  group - understand not as ideal and automated

@ http://technet.microsoft.com/en-us/sysinternals/bb664922

b) AccessEnum or ShareEnum - both GUI based listing not customisable though  
@ http://technet.microsoft.com/en-us/sysinternals/bb897332
@ http://technet.microsoft.com/en-us/sysinternals/bb897442

Actually there is DumpSec from SomarSec, that is designed to dump security settings into a file or on a screen
@ http://www.systemtools.com/somarsoft/?somarsoft.com

Hyena's Disk and File Administration
@ http://www.systemtools.com/hyena/index.html
image @ http://www.systemtools.com/images/shareview.gif

May not have a straight of the self product....
0
 
LVL 2

Author Closing Comment

by:taki1gostek
ID: 34929055
Hyena will visually give me what I'm looking for... Thanks guys!
0

Featured Post

Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What is the biggest problem in managing an exchange environment today? It is the lack of backups, disaster recovery (DR) plan, testing of the DR plan or believing that it won’t happen to us.
Organisation is organized in a pattern to flow the day to day business, every application and system is interdepended on each other and when very important “Exchange Server downtime” happened.
This Micro Tutorial will teach you how to reformat your flash drive. Sometimes your flash drive may have issues carrying files so this will completely restore it to manufacturing settings. Make sure to backup all files before reformatting. This w…
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …

590 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question