I'm pretty sure that the Sysinternals team has a program that does this, as long as you're happy with command-line options. AccessChk or AccessEnum would probably be enough.
It's audit time and I've been asked by several schools to do a list of network users and their access rights.
I can list network users and their group memberships easily, but is there a way of being able to tell what effective permissions a group has without going through every folder on the server separately?
These are small schools with only 20 - 30 logins so if I have to do each one manually I can cope with this. I had a look at SolarWinds as a tool to automate this but am not 100% sure if it will do what I want.
I'd never come across Sysinternals on there before and there's some cool stuff. I've looked at AccessChk and that shows the access rights for an individual user object, which is great, but there doesn't seem to be anything for security groups. I ran AccessEnum as well and that was useful to show permissions to a folder, but that's pretty much what you can get from right-clicking on the folder and checking the security.
Thanks for the heads-up on this software as it's great but it doesn't seem to quite do what I'm after.
Sorry about that. I use Sysinternals' other offerings extensively and it would have been my first port of call if I needed to accomplish what you require. There is another possibility that may fit your requirements better: DumpSec. However, I must stress that I have never used this tool and I can't vouch for it; it may be worth testing in a sandboxed environment before letting it loose in a live environment. I also enclose a discussion about this on the Spiceworks community.
Audit of Folder Security - Spiceworks
And in case it is useful to anyone... by controlling group memberships and permissions using the methods outlined in this video, in the future you can 'just look it up in AD'.
Role-Based Management Extreme Makeover for Active Directory
and for school-sized fileservers and domains, it isn't too painful to implement and retrofit over the course of a year.
At the moment, I have gone back to the network shares, and worked out the permissions from there. There might be a couple of inherited permissions I've missed but I think what I'm putting together will be enough for the auditors (I hope!)
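The per-group view of folder permissions asked for in this thread can be built with PowerShell's Get-Acl. The script below is an added example, not something posted by anyone in the thread; the share root D:\Shares and the output file name are assumed values.

```powershell
# Added example: report NTFS permissions under a share root, sorted by group/user.
# $Root and $OutCsv are assumed values; adjust them for the server being audited.
param(
    [string]$Root   = 'D:\Shares',
    [string]$OutCsv = '.\share-permissions.csv'
)

$rootItem = Get-Item -LiteralPath $Root
# Root folder plus every sub-folder (files are skipped to keep the report readable).
$folders = @($rootItem) + @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -ErrorAction SilentlyContinue)

$report = foreach ($folder in $folders) {
    try {
        $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop
    }
    catch {
        # Record folders the auditing account cannot read instead of dropping them.
        [pscustomobject]@{
            Identity = '(ACL unreadable)'; Folder = $folder.FullName
            Rights = $_.Exception.Message; Type = ''; Inherited = ''
        }
        continue
    }
    foreach ($ace in $acl.Access) {
        # Below the root, inherited entries only repeat the parent's permissions,
        # so keep just the explicit ones: these are where access actually changes.
        if ($ace.IsInherited -and $folder.FullName -ne $rootItem.FullName) { continue }
        [pscustomobject]@{
            Identity  = $ace.IdentityReference.Value
            Folder    = $folder.FullName
            Rights    = $ace.FileSystemRights
            Type      = $ace.AccessControlType   # Allow or Deny
            Inherited = $ace.IsInherited
        }
    }
}

# One row per identity/folder pair, so each group's access reads as a block.
$report | Sort-Object Identity, Folder | Export-Csv -Path $OutCsv -NoTypeInformation
$report | Group-Object Identity | Sort-Object Name | Select-Object Name, Count
```

This covers NTFS ACLs only; share-level permissions and nested group membership still need to be checked separately to arrive at effective access.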