Solved

File and Folder permissions ...who has access to what?

Posted on 2014-03-11
5
250 Views
Last Modified: 2014-06-27
I have a few file servers with thousand of folders and files. I need to know who has access to what files and folders without drilling down to each individual file and folder.

I'm now tasked with certifiying annually who has access to what files and folders and getting their supervisor to sign off on or ok their access....do they still need access to such and such. (This is a new process for the org, it hasn't been done in the past)

What free or low priced product is out there that I can install and checked access permissions on my Windows 2003 and 2008 file servers?
0
Comment
Question by:bernardb
5 Comments
 
LVL 14

Accepted Solution

by:
Giovanni Heward earned 500 total points
Comment Utility
Here's a quick script to write permissions to a text file.  This could easily be modified to create a icacls AclFile for use later as a differential check, etc.

@echo off
setlocal enabledelayedexpansion
for /f "skip=1" %%d in ('wmic logicaldisk get caption^,providername^,drivetype^,volumename') do (
	set drive=%%d
	if not [!drive!]==[] if exist !drive!\ (
		set /p p=Processing DACLs on !drive!\<nul
		(icacls !drive!\* /t /c /q)>>perms_!drive!.txt 2>nul
		if exist perms_!drive!.txt (echo ...wrote !perms_!drive!.txt) else (echo.)
	)
)

Open in new window

0
 
LVL 26

Expert Comment

by:pony10us
Comment Utility
0
 
LVL 14

Expert Comment

by:Giovanni Heward
Comment Utility
You could look into Tripwire Enterprise.  Tripwire detects changes to 29 object properties (file/directory) and 21 registry key/values on Windows.

Specifically NTFS DACL, SACL, etc.
0
 
LVL 4

Expert Comment

by:michaelalphi
Comment Utility
A good resource you can have check here(http://www.fileaccessauditing.com/) which seems a perfect match for such environment. Try this.
0
 

Author Comment

by:bernardb
Comment Utility
Thanks everyone, sorry for the delay....checking and will get back to you.

Thanks for your responses.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now