Solved

How to determine explicit permissions

Posted on 2014-01-20
9
332 Views
Last Modified: 2014-01-21
Our long-time personnel manager is preparing to retire and his successor is transitioning over to his responsibilities.

The current user has explicit permissions (i.e. not part of a group) for various folders and files on our server.  I need to give the new user the same access.  Is there a way to easily determine all of the explicit permissions that have been granted to the current user??

Server O/S:  Windows 2000 Server w/ Active Directory
0
Comment
Question by:Kerry Wilson
9 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39794583
There are various tools that can help NTFS permissions reporter is decent   http://www.cjwdev.co.uk/Software/NtfsReports/Info.html

accessenum from Microsoft  http://technet.microsoft.com/en-us/sysinternals/bb897332.aspx

You could also use a tool like subinacl to set the ACLs for the new user.

Thanks

Mike
0
 

Author Comment

by:Kerry Wilson
ID: 39794708
The SysInternals program you mentioned is for Windows 2003 Server and higher.  Ours is Windows 2000 Server.

I'm checking further into the NTFS Permissions Reporter.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 39794779
Looks like a case for subinacl.exe
"SubInACL is a command-line tool that enables administrators to obtain security information about files, registry keys, and services, and transfer this information from user to user, from local or global group to group, and from domain to domain" http://www.microsoft.com/en-us/download/details.aspx?id=23510
This download is for win2003. There is however also a subinacl for win2k as part of the nt4 and win2k resource kits. You may of course use the link I gave you and run it from win7 against your server.
0
 
LVL 6

Accepted Solution

by:
Biniek earned 500 total points
ID: 39795128
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 53

Expert Comment

by:McKnife
ID: 39797918
Did you understand, what subinacl can do for you? Pretty much exactly what you were asking for.
0
 

Author Comment

by:Kerry Wilson
ID: 39798075
Yes, I think so.  But I didn't know where to find anything about the NT4 and W2K Resource Kits.  I've heard of Resource Kits but don't know anything about them.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 39798110
Well, why didn't you ask? That's what we are here for, aren't we? :)
Download my link (as I wrote before) and use it from win 7 against your server.
If that one makes problems, I could mail you the old executable if you need it.
0
 

Author Comment

by:Kerry Wilson
ID: 39798156
I didn't ask because the other two programs also did what I needed and I am a one-man IT department with 50 computers, more or less, in the building....just not enough hours in the day!  <grin>

Also, I don't have Win7....it's XP Pro.  I wasn't sure if it would work and, again, don't have time for a lot of experimentation.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 39798168
Alright, good luck.
PS: what works on 2003 will work on xp, try it, if the task is not finished yet.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now