How to determine explicit permissions

Posted on 2014-01-20
Last Modified: 2014-01-21
Our long-time personnel manager is preparing to retire and his successor is transitioning over to his responsibilities.

The current user has explicit permissions (i.e. not part of a group) for various folders and files on our server.  I need to give the new user the same access.  Is there a way to easily determine all of the explicit permissions that have been granted to the current user??

Server O/S:  Windows 2000 Server w/ Active Directory
Question by:Kerry Wilson
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 57

Expert Comment

by:Mike Kline
ID: 39794583
There are various tools that can help NTFS permissions reporter is decent

accessenum from Microsoft

You could also use a tool like subinacl to set the ACLs for the new user.



Author Comment

by:Kerry Wilson
ID: 39794708
The SysInternals program you mentioned is for Windows 2003 Server and higher.  Ours is Windows 2000 Server.

I'm checking further into the NTFS Permissions Reporter.
LVL 55

Expert Comment

ID: 39794779
Looks like a case for subinacl.exe
"SubInACL is a command-line tool that enables administrators to obtain security information about files, registry keys, and services, and transfer this information from user to user, from local or global group to group, and from domain to domain"
This download is for win2003. There is however also a subinacl for win2k as part of the nt4 and win2k resource kits. You may of course use the link I gave you and run it from win7 against your server.
PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now


Accepted Solution

Biniek earned 500 total points
ID: 39795128
LVL 55

Expert Comment

ID: 39797918
Did you understand, what subinacl can do for you? Pretty much exactly what you were asking for.

Author Comment

by:Kerry Wilson
ID: 39798075
Yes, I think so.  But I didn't know where to find anything about the NT4 and W2K Resource Kits.  I've heard of Resource Kits but don't know anything about them.
LVL 55

Expert Comment

ID: 39798110
Well, why didn't you ask? That's what we are here for, aren't we? :)
Download my link (as I wrote before) and use it from win 7 against your server.
If that one makes problems, I could mail you the old executable if you need it.

Author Comment

by:Kerry Wilson
ID: 39798156
I didn't ask because the other two programs also did what I needed and I am a one-man IT department with 50 computers, more or less, in the building....just not enough hours in the day!  <grin>

Also, I don't have's XP Pro.  I wasn't sure if it would work and, again, don't have time for a lot of experimentation.
LVL 55

Expert Comment

ID: 39798168
Alright, good luck.
PS: what works on 2003 will work on xp, try it, if the task is not finished yet.

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question