domain users or everyone group

If you have a large file server (56 shares) and you want to see what directories groups like everyone and domain users can access, how could you do this? i..e for this server, this domain group can access xyz
Who is Participating?
Haresh NikumbhConnect With a Mentor Sr. Tech leadCommented:
pma111Author Commented:
I am not sure shareEnum is enough is it. Dont access and share permissions compete? I.e. most restrictive wins? If thats just reporting on shares inst that only half the story? And do they only report on root folders, i..e \\server\share, what about if your main interest is \\server\share\directory 1 \\server\share\directory 2
pma111Author Commented:
accesschk looks promising, however I just ran it against a server I was interested in, and specified a group, but it is a bit vague, it just lists certain folders I can access, but doesnt report what access I have to them, i.e. it could be just "list folder contents" which wouldnt be as much of a concern.
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Haresh NikumbhSr. Tech leadCommented:
run following command from powershell

icacls \\server\share /t /c > outfile.txt

and check if this what you are looking?
dec0mpileConnect With a Mentor Commented:
The tool that takecoffe mentioned (icacls) is the only way that i know to do this the Microsoft way. Unfortunately, the report is not very friendly.

At my company I need to do reports and generate them in user readable Excel format for auditing purposes. I used a tool called Hyena and it worked great for this purpose.
pma111Author Commented:
does icalcs report on both share and directory permissions, or just directory permissions? My understanding was the more restrictive of the 2 comes into effect.
Here is another tool you can try. I have used this in the past to generate reports of large number of shares, and permissions for each down to the file level (it's free).


SomarSoft's DumpSec is a security auditing program for Microsoft Windows® NT/XP/200x. It dumps the permissions (DACLs) and audit settings (SACLs) for the file system, registry, printers and shares in a concise, readable format, so that holes in system security are readily apparent. DumpSec also dumps user, group and replication information.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.