Solved

Display rights to folders

Posted on 2011-02-25
10
313 Views
Last Modified: 2012-05-11
Hello

I am looking for a way to export or display all of the rights a person has to folders

Is this possible?

thanks in advance


Environment
Server08 R2
0
Comment
Question by:briousd
  • 5
  • 2
  • 2
  • +1
10 Comments
 
LVL 4

Expert Comment

by:pamiken
ID: 34983479
CACLS
0
 
LVL 3

Author Comment

by:briousd
ID: 34983580
I have tried that thanks, actually it would be Icacls i believe but i think you can only check permissions on a folder with that

I would like to specify a domain user and have the ntfs permissions list out for that user
0
 
LVL 4

Accepted Solution

by:
pamiken earned 500 total points
ID: 34983735
Sorry, I meant Xcacls from the resource kit.  You can use the /T to recursively go through sub folders.  The output is not user friendly though.  

I've used dumpsec from
http://www.systemtools.com/somarsoft/   
on win 2003.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 3

Author Comment

by:briousd
ID: 34983946
ok thanks, any guidance you can give on how to use dumpsec. i am assuming it gets installed on the file server, then what is next ?
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 34984240
Hi,

You can do this via powershell quite easily

First run this command to check if you can run ps code

Get-ExecutionPolicy
RemoteSigned

if it's something else then run the following command

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned

If just want to check on Single file or Folder use the following command
Get-Acl -Path C:\windows | FL Path, AccessToString


For Bulk use this
Now run the following command to get folder path

get-childitem P:\folderName -recurse | foreach {$_.directoryName} | Get-Unique

You can either copy from the console or redirect it to a csv file

get-childitem P:\folderName -recurse | foreach {$_.directoryName} | Get-Unique | Out-File -FilePath P:\Temp\inheritance.txt

Open the File, Add FolderName (can be anything) as header, rename the extension to .csv

Now

import-csv -path P:\temp\inheritance.csv | %{Get-Acl $_.FolderName} | FT Path, AccessToString -Wrap

0
 
LVL 9

Expert Comment

by:djpazza
ID: 34984666
0
 
LVL 3

Author Comment

by:briousd
ID: 34997407
Nice. thanks for the power shell info. I see you have how to display permissions on a folder, how would i view all permissions on a folder and subfolders for a specific domain user?
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 34998905
That's a bit tricky to get. But sure in PS you can achieve it. It would require me sometime before i can write up that code.
0
 
LVL 3

Author Comment

by:briousd
ID: 34998997
ah ok, a colleague just told me to look into an app called dumpsec
0
 
LVL 3

Author Comment

by:briousd
ID: 35000791
yes an application called dumpsec gets you specific rights when searching via user name
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
DNS Replication 12 71
Windows 2012 R2 DNS ListenAddresses Null Value 4 32
Activity directory migration 4 23
Powershell script for inactive computer accounts 3 25
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question