?
Solved

Display rights to folders

Posted on 2011-02-25
10
Medium Priority
?
315 Views
Last Modified: 2012-05-11
Hello

I am looking for a way to export or display all of the rights a person has to folders

Is this possible?

thanks in advance


Environment
Server08 R2
0
Comment
Question by:briousd
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
  • 2
  • +1
10 Comments
 
LVL 4

Expert Comment

by:pamiken
ID: 34983479
CACLS
0
 
LVL 3

Author Comment

by:briousd
ID: 34983580
I have tried that thanks, actually it would be Icacls i believe but i think you can only check permissions on a folder with that

I would like to specify a domain user and have the ntfs permissions list out for that user
0
 
LVL 4

Accepted Solution

by:
pamiken earned 2000 total points
ID: 34983735
Sorry, I meant Xcacls from the resource kit.  You can use the /T to recursively go through sub folders.  The output is not user friendly though.  

I've used dumpsec from
http://www.systemtools.com/somarsoft/   
on win 2003.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 3

Author Comment

by:briousd
ID: 34983946
ok thanks, any guidance you can give on how to use dumpsec. i am assuming it gets installed on the file server, then what is next ?
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 34984240
Hi,

You can do this via powershell quite easily

First run this command to check if you can run ps code

Get-ExecutionPolicy
RemoteSigned

if it's something else then run the following command

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned

If just want to check on Single file or Folder use the following command
Get-Acl -Path C:\windows | FL Path, AccessToString


For Bulk use this
Now run the following command to get folder path

get-childitem P:\folderName -recurse | foreach {$_.directoryName} | Get-Unique

You can either copy from the console or redirect it to a csv file

get-childitem P:\folderName -recurse | foreach {$_.directoryName} | Get-Unique | Out-File -FilePath P:\Temp\inheritance.txt

Open the File, Add FolderName (can be anything) as header, rename the extension to .csv

Now

import-csv -path P:\temp\inheritance.csv | %{Get-Acl $_.FolderName} | FT Path, AccessToString -Wrap

0
 
LVL 9

Expert Comment

by:djpazza
ID: 34984666
0
 
LVL 3

Author Comment

by:briousd
ID: 34997407
Nice. thanks for the power shell info. I see you have how to display permissions on a folder, how would i view all permissions on a folder and subfolders for a specific domain user?
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 34998905
That's a bit tricky to get. But sure in PS you can achieve it. It would require me sometime before i can write up that code.
0
 
LVL 3

Author Comment

by:briousd
ID: 34998997
ah ok, a colleague just told me to look into an app called dumpsec
0
 
LVL 3

Author Comment

by:briousd
ID: 35000791
yes an application called dumpsec gets you specific rights when searching via user name
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question