[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

domain users or everyone group

Posted on 2013-06-05
7
Medium Priority
?
329 Views
Last Modified: 2013-07-15
If you have a large file server (56 shares) and you want to see what directories groups like everyone and domain users can access, how could you do this? i..e for this server, this domain group can access xyz
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 22

Accepted Solution

by:
Haresh Nikumbh earned 1000 total points
ID: 39222527
0
 
LVL 3

Author Comment

by:pma111
ID: 39222578
I am not sure shareEnum is enough is it. Dont access and share permissions compete? I.e. most restrictive wins? If thats just reporting on shares inst that only half the story? And do they only report on root folders, i..e \\server\share, what about if your main interest is \\server\share\directory 1 \\server\share\directory 2
0
 
LVL 3

Author Comment

by:pma111
ID: 39222637
accesschk looks promising, however I just ran it against a server I was interested in, and specified a group, but it is a bit vague, it just lists certain folders I can access, but doesnt report what access I have to them, i.e. it could be just "list folder contents" which wouldnt be as much of a concern.
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
LVL 22

Expert Comment

by:Haresh Nikumbh
ID: 39222806
run following command from powershell

icacls \\server\share /t /c > outfile.txt

and check if this what you are looking?
0
 
LVL 7

Assisted Solution

by:dec0mpile
dec0mpile earned 1000 total points
ID: 39223298
The tool that takecoffe mentioned (icacls) is the only way that i know to do this the Microsoft way. Unfortunately, the report is not very friendly.

At my company I need to do reports and generate them in user readable Excel format for auditing purposes. I used a tool called Hyena and it worked great for this purpose.

http://www.systemtools.com/hyena/
0
 
LVL 3

Author Comment

by:pma111
ID: 39225204
does icalcs report on both share and directory permissions, or just directory permissions? My understanding was the more restrictive of the 2 comes into effect.
0
 
LVL 7

Expert Comment

by:dec0mpile
ID: 39263664
Here is another tool you can try. I have used this in the past to generate reports of large number of shares, and permissions for each down to the file level (it's free).

DumpSec: http://www.systemtools.com/somarsoft/

SomarSoft's DumpSec is a security auditing program for Microsoft Windows® NT/XP/200x. It dumps the permissions (DACLs) and audit settings (SACLs) for the file system, registry, printers and shares in a concise, readable format, so that holes in system security are readily apparent. DumpSec also dumps user, group and replication information.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question