?
Solved

File and Folder permissions ...who has access to what?

Posted on 2014-03-11
5
Medium Priority
?
265 Views
Last Modified: 2014-06-27
I have a few file servers with thousand of folders and files. I need to know who has access to what files and folders without drilling down to each individual file and folder.

I'm now tasked with certifiying annually who has access to what files and folders and getting their supervisor to sign off on or ok their access....do they still need access to such and such. (This is a new process for the org, it hasn't been done in the past)

What free or low priced product is out there that I can install and checked access permissions on my Windows 2003 and 2008 file servers?
0
Comment
Question by:bernardb
5 Comments
 
LVL 15

Accepted Solution

by:
Giovanni Heward earned 2000 total points
ID: 39922046
Here's a quick script to write permissions to a text file.  This could easily be modified to create a icacls AclFile for use later as a differential check, etc.

@echo off
setlocal enabledelayedexpansion
for /f "skip=1" %%d in ('wmic logicaldisk get caption^,providername^,drivetype^,volumename') do (
	set drive=%%d
	if not [!drive!]==[] if exist !drive!\ (
		set /p p=Processing DACLs on !drive!\<nul
		(icacls !drive!\* /t /c /q)>>perms_!drive!.txt 2>nul
		if exist perms_!drive!.txt (echo ...wrote !perms_!drive!.txt) else (echo.)
	)
)

Open in new window

0
 
LVL 26

Expert Comment

by:pony10us
ID: 39922052
0
 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 39922068
You could look into Tripwire Enterprise.  Tripwire detects changes to 29 object properties (file/directory) and 21 registry key/values on Windows.

Specifically NTFS DACL, SACL, etc.
0
 
LVL 4

Expert Comment

by:michaelalphi
ID: 39922652
A good resource you can have check here(http://www.fileaccessauditing.com/) which seems a perfect match for such environment. Try this.
0
 

Author Comment

by:bernardb
ID: 40002872
Thanks everyone, sorry for the delay....checking and will get back to you.

Thanks for your responses.
0

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

569 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question