Solved

Display rights to folders

Posted on 2011-02-25
10
310 Views
Last Modified: 2012-05-11
Hello

I am looking for a way to export or display all of the rights a person has to folders

Is this possible?

thanks in advance


Environment
Server08 R2
0
Comment
Question by:briousd
  • 5
  • 2
  • 2
  • +1
10 Comments
 
LVL 4

Expert Comment

by:pamiken
ID: 34983479
CACLS
0
 
LVL 3

Author Comment

by:briousd
ID: 34983580
I have tried that thanks, actually it would be Icacls i believe but i think you can only check permissions on a folder with that

I would like to specify a domain user and have the ntfs permissions list out for that user
0
 
LVL 4

Accepted Solution

by:
pamiken earned 500 total points
ID: 34983735
Sorry, I meant Xcacls from the resource kit.  You can use the /T to recursively go through sub folders.  The output is not user friendly though.  

I've used dumpsec from
http://www.systemtools.com/somarsoft/    
on win 2003.
0
 
LVL 3

Author Comment

by:briousd
ID: 34983946
ok thanks, any guidance you can give on how to use dumpsec. i am assuming it gets installed on the file server, then what is next ?
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 34984240
Hi,

You can do this via powershell quite easily

First run this command to check if you can run ps code

Get-ExecutionPolicy
RemoteSigned

if it's something else then run the following command

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned

If just want to check on Single file or Folder use the following command
Get-Acl -Path C:\windows | FL Path, AccessToString


For Bulk use this
Now run the following command to get folder path

get-childitem P:\folderName -recurse | foreach {$_.directoryName} | Get-Unique

You can either copy from the console or redirect it to a csv file

get-childitem P:\folderName -recurse | foreach {$_.directoryName} | Get-Unique | Out-File -FilePath P:\Temp\inheritance.txt

Open the File, Add FolderName (can be anything) as header, rename the extension to .csv

Now

import-csv -path P:\temp\inheritance.csv | %{Get-Acl $_.FolderName} | FT Path, AccessToString -Wrap

0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 9

Expert Comment

by:djpazza
ID: 34984666
0
 
LVL 3

Author Comment

by:briousd
ID: 34997407
Nice. thanks for the power shell info. I see you have how to display permissions on a folder, how would i view all permissions on a folder and subfolders for a specific domain user?
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 34998905
That's a bit tricky to get. But sure in PS you can achieve it. It would require me sometime before i can write up that code.
0
 
LVL 3

Author Comment

by:briousd
ID: 34998997
ah ok, a colleague just told me to look into an app called dumpsec
0
 
LVL 3

Author Comment

by:briousd
ID: 35000791
yes an application called dumpsec gets you specific rights when searching via user name
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

As network administrators; we know how hard it is to track user’s login/logout using security event log (BTW it is harder now in windows 2008 because user name is always “N/A” in the grid), and most of us either get 3rd party tools, or just make our…
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now