Solved

Display rights to folders

Posted on 2011-02-25
10
311 Views
Last Modified: 2012-05-11
Hello

I am looking for a way to export or display all of the rights a person has to folders

Is this possible?

thanks in advance


Environment
Server08 R2
0
Comment
Question by:briousd
  • 5
  • 2
  • 2
  • +1
10 Comments
 
LVL 4

Expert Comment

by:pamiken
ID: 34983479
CACLS
0
 
LVL 3

Author Comment

by:briousd
ID: 34983580
I have tried that thanks, actually it would be Icacls i believe but i think you can only check permissions on a folder with that

I would like to specify a domain user and have the ntfs permissions list out for that user
0
 
LVL 4

Accepted Solution

by:
pamiken earned 500 total points
ID: 34983735
Sorry, I meant Xcacls from the resource kit.  You can use the /T to recursively go through sub folders.  The output is not user friendly though.  

I've used dumpsec from
http://www.systemtools.com/somarsoft/   
on win 2003.
0
 
LVL 3

Author Comment

by:briousd
ID: 34983946
ok thanks, any guidance you can give on how to use dumpsec. i am assuming it gets installed on the file server, then what is next ?
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 34984240
Hi,

You can do this via powershell quite easily

First run this command to check if you can run ps code

Get-ExecutionPolicy
RemoteSigned

if it's something else then run the following command

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned

If just want to check on Single file or Folder use the following command
Get-Acl -Path C:\windows | FL Path, AccessToString


For Bulk use this
Now run the following command to get folder path

get-childitem P:\folderName -recurse | foreach {$_.directoryName} | Get-Unique

You can either copy from the console or redirect it to a csv file

get-childitem P:\folderName -recurse | foreach {$_.directoryName} | Get-Unique | Out-File -FilePath P:\Temp\inheritance.txt

Open the File, Add FolderName (can be anything) as header, rename the extension to .csv

Now

import-csv -path P:\temp\inheritance.csv | %{Get-Acl $_.FolderName} | FT Path, AccessToString -Wrap

0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 9

Expert Comment

by:djpazza
ID: 34984666
0
 
LVL 3

Author Comment

by:briousd
ID: 34997407
Nice. thanks for the power shell info. I see you have how to display permissions on a folder, how would i view all permissions on a folder and subfolders for a specific domain user?
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 34998905
That's a bit tricky to get. But sure in PS you can achieve it. It would require me sometime before i can write up that code.
0
 
LVL 3

Author Comment

by:briousd
ID: 34998997
ah ok, a colleague just told me to look into an app called dumpsec
0
 
LVL 3

Author Comment

by:briousd
ID: 35000791
yes an application called dumpsec gets you specific rights when searching via user name
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Account lockouts 22 69
Joining two Windows domain into one subnet. 10 45
How to resolve user quota error? 13 40
Applying GPO in GPMC 8 14
I know all systems administrator at some time or another has had to create a script to copy file from a server share to a desktop. Well now there is an easy way to do this in Group Policy. Using Group policy preferences is not hard. The first thing …
Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

28 Experts available now in Live!

Get 1:1 Help Now