We help IT Professionals succeed at work.

Active Directory user folder/data access on a file server.

I need a script that will show me what active directory users
[Not Groups} have access to on a \\file server\data\folders , and whether they have r/w access.

Sysinternal AccessEnum output is an over kill for the HR dept to rap their heads around. So lets keep it simple.

THANK You!!
Comment
Watch Question

Lee W, MVPTechnology and Business Process Advisor
CERTIFIED EXPERT
Most Valuable Expert 2013

Commented:
If you have assigned USERS to file permissions, you're doing it wrong.  users should NEVER be assigned file or folder permissions EXCEPT for their home directories.  You ALWAYS create groups and assign permissions to groups (even if they are only groups of 1), adding and removing users as necessary.  The HR department should only need to review the groups to know if they have permissions.

I would correct the deficiency and then provide information on the groups.

There are several tools that can generate reports, including powershell.  Which one you use depends on which one you like the format of.
https://blog.netwrix.com/2017/08/18/top-5-free-tools-for-ntfs-permissions-reporting/

Author

Commented:
I am a new hire sys admin and hence the reason for this issue. I am correcting this issue.
Ref: https://www.experts-exchange.com/questions/21323602/NTFS-permission-Best-Practice.html
AGGDLP. Thank you -Looking into the link now to the tools.
Shaun VermaakSenior Consultant
CERTIFIED EXPERT
Awarded 2017
Distinguished Expert 2019

Commented:

Author

Commented:
Thanks everyone for helping out. The tools are great , but my dilemma is that they are producing what us geeks want to see which is everything. Down to the actual file level : .pdf .dwg . xlsx . I just need to produce a report that shows 3 sub-folders deep i.e. \\share\hr\employees

I have looked through the tools/options/settings... and do not see an option to reduce -deduce the output.

Any ideas? -Thank you!
Lead Technical Architect
CERTIFIED EXPERT
Commented:
You could just try PowerShell:

Get-Acl c:\users\administrator |ft -autosize -wrap >> acls.txt

Changing the path as required.

Author

Commented:
Tony-

Scan through this article :
https://blogs.technet.microsoft.com/ashleymcglone/2014/03/17/powershell-to-find-where-your-active-directory-groups-are-used-on-file-shares/

I just need to scan 2 sub folders deep and produce a .csv for the Hr dept. Thank you for your help.

Explore More ContentExplore courses, solutions, and other research materials related to this topic.