Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

alternative to security > advanced > effective permissions

Posted on 2013-06-26
5
Medium Priority
?
424 Views
Last Modified: 2013-07-15
I have been tasked with auditing 5x windows 2003 file servers to see what data on the many shares is accessible by domain wide groups such as everyone and domain users. Aside from just creating an account and only adding it to the domain users group, and then manually mounting the shares and seeing what access can I get to, are there any tools that can do an effective permissions report?

I did find sysinternals "accessChk" however I dont think its going to work, from what I gather it is not reporting on nested groups, so if domain users is added to a group, it wont report it as a finding. So an effective permissions report whether the domain users group is added to the ACL directly, or has access as it is a nested group within a group - would be fantastic. From what I can see accessEnum wont work either due to the same problem.

There must be a more sophisticated way of doing this rather than manual trawling.
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 9

Accepted Solution

by:
VirastaR earned 668 total points
ID: 39277364
0
 
LVL 83

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 668 total points
ID: 39277407
If the acl is set for a group and not a specified user than it will only return the 'group' and not a specific user.. you have to know what users are members of a particular group and then cross reference the information.

another way is to get a list of users and then run a script on all directories as that user and report the information out.
0
 
LVL 3

Author Comment

by:pma111
ID: 39280776
Does accessEnum only work at folder level (or can you configure it to) and not report on every single file on a share?
0
 
LVL 3

Author Comment

by:pma111
ID: 39280804
>another way is to get a list of users and then run a script on all directories as that user and report the information out.

Have you ever come across such?
0
 

Assisted Solution

by:Nate15329
Nate15329 earned 664 total points
ID: 39282781
DumpSec (freeware) works pretty well for dumping security permissions for file, network, shares, etc.

Run as domain admin

Just don't install hydra when running the setup.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
Suggested Courses

660 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question