Tool to learn what security groups grant a user effective permissions to a resource

Hi everyone,

In a Windows 2008 domain, I'm having a hard time trying to audit certain permissions users are getting since there is no rhyme or reason why certain groups are named what they're named, without any descriptions whoatsoever. The fact that most of these groups are nested in another group, which is also likely nested, makes the task pretty difficult.

I find it kind of helpful that I can right click a file or folder and head over to security ... effective permissions tab, which lets me know what a person currently has access to do within the directory/file, but is there a way, or a tool I can utilize, that will also let me know the exact group/groups the effective permissions tab is pulling from?

KJ
LVL 1
kj_syenceAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Brian PiercePhotographerCommented:
DumpSec http://www.systemtools.com/somarsoft/?somarsoft.com

or

AccessChk
This tool shows you the accesses the user or group you specify has to files, Registry keys or Windows services.

 AccessEnum
This simple yet powerful security tool shows you who has what access to directories, files and Registry keys on your systems. Use it to find holes in your permissions

the latter two are from Sysinternals

http://technet.microsoft.com/en-us/sysinternals/bb795534
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
kj_syenceAuthor Commented:
All of these tools are great, but it doesn't really answer my question. I'm basically want a tool that prompts for a username and a shared directory/file, that will then give me the RWXD status and also list any security groups the user may be in that is granting him/her that access. Security group nesting is a bit out of control here and something like this would be great until we fix the underlying issue.

The effective permissions tab would be perfect if it not only showed the effective permissions for a user, but also listed every group that user is a member of that makes up the effective permissions.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.