• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 350
  • Last Modified:

domain users or everyone group

If you have a large file server (56 shares) and you want to see what directories groups like everyone and domain users can access, how could you do this? i..e for this server, this domain group can access xyz
0
pma111
Asked:
pma111
  • 3
  • 2
  • 2
2 Solutions
 
Haresh NikumbhSr. Tech leadCommented:
0
 
pma111Author Commented:
I am not sure shareEnum is enough is it. Dont access and share permissions compete? I.e. most restrictive wins? If thats just reporting on shares inst that only half the story? And do they only report on root folders, i..e \\server\share, what about if your main interest is \\server\share\directory 1 \\server\share\directory 2
0
 
pma111Author Commented:
accesschk looks promising, however I just ran it against a server I was interested in, and specified a group, but it is a bit vague, it just lists certain folders I can access, but doesnt report what access I have to them, i.e. it could be just "list folder contents" which wouldnt be as much of a concern.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell┬« is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
Haresh NikumbhSr. Tech leadCommented:
run following command from powershell

icacls \\server\share /t /c > outfile.txt

and check if this what you are looking?
0
 
dec0mpileCommented:
The tool that takecoffe mentioned (icacls) is the only way that i know to do this the Microsoft way. Unfortunately, the report is not very friendly.

At my company I need to do reports and generate them in user readable Excel format for auditing purposes. I used a tool called Hyena and it worked great for this purpose.

http://www.systemtools.com/hyena/
0
 
pma111Author Commented:
does icalcs report on both share and directory permissions, or just directory permissions? My understanding was the more restrictive of the 2 comes into effect.
0
 
dec0mpileCommented:
Here is another tool you can try. I have used this in the past to generate reports of large number of shares, and permissions for each down to the file level (it's free).

DumpSec: http://www.systemtools.com/somarsoft/

SomarSoft's DumpSec is a security auditing program for Microsoft Windows® NT/XP/200x. It dumps the permissions (DACLs) and audit settings (SACLs) for the file system, registry, printers and shares in a concise, readable format, so that holes in system security are readily apparent. DumpSec also dumps user, group and replication information.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

  • 3
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now