Improve company productivity with a Business Account.Sign Up

x
?
Solved

alternative to security > advanced > effective permissions

Posted on 2013-06-26
5
Medium Priority
?
433 Views
Last Modified: 2013-07-15
I have been tasked with auditing 5x windows 2003 file servers to see what data on the many shares is accessible by domain wide groups such as everyone and domain users. Aside from just creating an account and only adding it to the domain users group, and then manually mounting the shares and seeing what access can I get to, are there any tools that can do an effective permissions report?

I did find sysinternals "accessChk" however I dont think its going to work, from what I gather it is not reporting on nested groups, so if domain users is added to a group, it wont report it as a finding. So an effective permissions report whether the domain users group is added to the ACL directly, or has access as it is a nested group within a group - would be fantastic. From what I can see accessEnum wont work either due to the same problem.

There must be a more sophisticated way of doing this rather than manual trawling.
0
Comment
Question by:pma111
5 Comments
 
LVL 9

Accepted Solution

by:
VirastaR earned 668 total points
ID: 39277364
0
 
LVL 85

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 668 total points
ID: 39277407
If the acl is set for a group and not a specified user than it will only return the 'group' and not a specific user.. you have to know what users are members of a particular group and then cross reference the information.

another way is to get a list of users and then run a script on all directories as that user and report the information out.
0
 
LVL 3

Author Comment

by:pma111
ID: 39280776
Does accessEnum only work at folder level (or can you configure it to) and not report on every single file on a share?
0
 
LVL 3

Author Comment

by:pma111
ID: 39280804
>another way is to get a list of users and then run a script on all directories as that user and report the information out.

Have you ever come across such?
0
 

Assisted Solution

by:Nate15329
Nate15329 earned 664 total points
ID: 39282781
DumpSec (freeware) works pretty well for dumping security permissions for file, network, shares, etc.

Run as domain admin

Just don't install hydra when running the setup.
0

Featured Post

Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
The intent of this article is not to tell you what solution to use (you know it better) or make a big bang change to your current regime (you are well aware of), but to share how the regime can be better and effective in streamlining the multiple pa…
The video will let you know the exact process to import OST/PST files to the cloud based Office 365 mailboxes. Using Kernel Import PST to Office 365 tool, one can quickly import numerous OST/PST files to Office 365. Besides this, the tool also comes…
Watch the video to learn how one can deal with PST file corruption issue with an outstanding Kernel for Outlook PST Repair Tool easily. Using this tool, non-technical users can swiftly perform the repair process to restore their essential data witho…

595 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question