Solved

Display rights to folders

Posted on 2011-02-25
10
312 Views
Last Modified: 2012-05-11
Hello

I am looking for a way to export or display all of the rights a person has to folders

Is this possible?

thanks in advance


Environment
Server08 R2
0
Comment
Question by:briousd
  • 5
  • 2
  • 2
  • +1
10 Comments
 
LVL 4

Expert Comment

by:pamiken
ID: 34983479
CACLS
0
 
LVL 3

Author Comment

by:briousd
ID: 34983580
I have tried that thanks, actually it would be Icacls i believe but i think you can only check permissions on a folder with that

I would like to specify a domain user and have the ntfs permissions list out for that user
0
 
LVL 4

Accepted Solution

by:
pamiken earned 500 total points
ID: 34983735
Sorry, I meant Xcacls from the resource kit.  You can use the /T to recursively go through sub folders.  The output is not user friendly though.  

I've used dumpsec from
http://www.systemtools.com/somarsoft/   
on win 2003.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 3

Author Comment

by:briousd
ID: 34983946
ok thanks, any guidance you can give on how to use dumpsec. i am assuming it gets installed on the file server, then what is next ?
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 34984240
Hi,

You can do this via powershell quite easily

First run this command to check if you can run ps code

Get-ExecutionPolicy
RemoteSigned

if it's something else then run the following command

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned

If just want to check on Single file or Folder use the following command
Get-Acl -Path C:\windows | FL Path, AccessToString


For Bulk use this
Now run the following command to get folder path

get-childitem P:\folderName -recurse | foreach {$_.directoryName} | Get-Unique

You can either copy from the console or redirect it to a csv file

get-childitem P:\folderName -recurse | foreach {$_.directoryName} | Get-Unique | Out-File -FilePath P:\Temp\inheritance.txt

Open the File, Add FolderName (can be anything) as header, rename the extension to .csv

Now

import-csv -path P:\temp\inheritance.csv | %{Get-Acl $_.FolderName} | FT Path, AccessToString -Wrap

0
 
LVL 9

Expert Comment

by:djpazza
ID: 34984666
0
 
LVL 3

Author Comment

by:briousd
ID: 34997407
Nice. thanks for the power shell info. I see you have how to display permissions on a folder, how would i view all permissions on a folder and subfolders for a specific domain user?
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 34998905
That's a bit tricky to get. But sure in PS you can achieve it. It would require me sometime before i can write up that code.
0
 
LVL 3

Author Comment

by:briousd
ID: 34998997
ah ok, a colleague just told me to look into an app called dumpsec
0
 
LVL 3

Author Comment

by:briousd
ID: 35000791
yes an application called dumpsec gets you specific rights when searching via user name
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Companies that have implemented Microsoft’s Active Directory need to ensure that the Active Directory is configured and operating properly. If there are issues found and not resolved, it eventually leads the components to fail or stop working and fi…
Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now