Solved

File and Folder permissions ...who has access to what?

Posted on 2014-03-11
5
255 Views
Last Modified: 2014-06-27
I have a few file servers with thousand of folders and files. I need to know who has access to what files and folders without drilling down to each individual file and folder.

I'm now tasked with certifiying annually who has access to what files and folders and getting their supervisor to sign off on or ok their access....do they still need access to such and such. (This is a new process for the org, it hasn't been done in the past)

What free or low priced product is out there that I can install and checked access permissions on my Windows 2003 and 2008 file servers?
0
Comment
Question by:bernardb
5 Comments
 
LVL 15

Accepted Solution

by:
Giovanni Heward earned 500 total points
ID: 39922046
Here's a quick script to write permissions to a text file.  This could easily be modified to create a icacls AclFile for use later as a differential check, etc.

@echo off
setlocal enabledelayedexpansion
for /f "skip=1" %%d in ('wmic logicaldisk get caption^,providername^,drivetype^,volumename') do (
	set drive=%%d
	if not [!drive!]==[] if exist !drive!\ (
		set /p p=Processing DACLs on !drive!\<nul
		(icacls !drive!\* /t /c /q)>>perms_!drive!.txt 2>nul
		if exist perms_!drive!.txt (echo ...wrote !perms_!drive!.txt) else (echo.)
	)
)

Open in new window

0
 
LVL 26

Expert Comment

by:pony10us
ID: 39922052
0
 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 39922068
You could look into Tripwire Enterprise.  Tripwire detects changes to 29 object properties (file/directory) and 21 registry key/values on Windows.

Specifically NTFS DACL, SACL, etc.
0
 
LVL 4

Expert Comment

by:michaelalphi
ID: 39922652
A good resource you can have check here(http://www.fileaccessauditing.com/) which seems a perfect match for such environment. Try this.
0
 

Author Comment

by:bernardb
ID: 40002872
Thanks everyone, sorry for the delay....checking and will get back to you.

Thanks for your responses.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question