• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1514
  • Last Modified:

AccessChk

Has anyone every run the AccessChk utility from Sys internals?

I am a bit perplexed by the findings?

I've run accesschk "domain users" across my H:\profile\desktop folder, and it returns lots of entries (i.e. indicating domain users can access my H:\profile\desktop folder".

It I run CACLS over the same folder, theres no entry for "domain users", so all I can imagine is CACLS is purely NTFS (directory) permissions, whereas accesschk is a cumulative of share/directory permissions?

Any ideas?
0
pma111
Asked:
pma111
  • 4
  • 3
1 Solution
 
McKnifeCommented:
> i.e. indicating domain users can access my H:\profile\desktop folder
Oh yeah? So how does it indicate that? accesscheck would list the permission type to the left of the filename (like "R" for read).
0
 
pma111Author Commented:
My impression was it only lists results where the user or group has permission on a specific file/folder? Is this not true? Does it also cover 'list folder contents' only entries? Or only read and write?
0
 
pma111Author Commented:
It seems a bit pointless if you have to supply a username or group over a directory your interested in (say 200 files) and you have to view each file to see what's to the left of the file name. Is there no way to filter down to only those files or directories a user or group can actually access ?
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
McKnifeCommented:
Did you look at the parameters? There are P's for all your needs.
0
 
pma111Author Commented:
Can you provide some example syntax to just list files that a specific user can access in a specific directory (and leave out those they can't ? )
0
 
McKnifeCommented:
For example this shows all files with read or write access
accesschk -rw username path
0
 
pma111Author Commented:
Many thanks
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now