Announcement

Collapse
No announcement yet.

a permissions tool...?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • a permissions tool...?

    anybody know of a 3rd party tool, where i can look at a user, and see which shares/folder he/she has rights on? alternatively, anything new in 2008 that would allow me to do this?

    thx!

  • #2
    Re: a permissions tool...?

    Hi, it was possible in 2003 without the need of a tool
    and now in 2008 or 2008R2 it is still the same.
    Log in to the machine or server with administrator priviliges.
    *Dril down to the folder or file
    *Rightclick it and select properties
    *select the security tab
    *Click on this window on the Advanced button
    *Select on the advanced window the Effective permissions tab
    *Click in the effective permissions window the select button
    *Fill in the user or group that you want to see the permissions
    *Click OK and voila!!!!

    Maybe needless to say that there is a lot of info on the web,
    check this:http://4sysops.com/archives/free-sol...e-permissions/

    Good luck.

    Comment


    • #3
      Re: a permissions tool...?

      thx, mhoogev.

      that is actually not what i am asking, though. i don't want to see folder permissions, i want to see user permissions. like, i click on user joseph bloe, and i can see all the folders/shares he has rights to.

      it's surprising to me that this is not a part of the windows environment. it's all just a big relational database of sids, and it works on a folder to see all users who have rights there; why not the other way around? this is something that comes up at work every year or so, and it's a lot of hunting and pecking to get the answer.

      thx again!

      Comment


      • #4
        Re: a permissions tool...?

        You could use accessenum.exe and shareenum.exe from the Sysinternals Suite. They can generate a csv of the permissions of a directory tree.

        www.sysinternals.com

        The reason this isn't centralized in Windows is because the permissions are attributes of the files and folders, not of the users. So to get all the resources a user has access to you need to know of all the resources and query the resource for the information. It's the mechanisms of the resource that provides the security, not the attributes of the account or even Active Directory.
        Regards,
        Jeremy

        Network Consultant/Engineer
        Baltimore - Washington area and beyond
        www.gma-cpa.com

        Comment


        • #5
          Re: a permissions tool...?

          Originally posted by shmengie View Post
          anybody know of a 3rd party tool, where i can look at a user, and see which shares/folder he/she has rights on? alternatively, anything new in 2008 that would allow me to do this?

          thx!
          I am not really sure what would you achieve but here is your request for 3rd party tool.

          http://www.solarwinds.com/products/f...ive_directory/

          Comment


          • #6
            Re: a permissions tool...?

            thx, guys. i think accessenum is probably closest to what i'm looking for. still, i wish it were more granular. i would love to select a user, and have it scan the network and just report on that user's folder/share permissions.

            am i the only guy who thinks that would be a useful tool? in the whole wide world? just me? well, okay.

            thx again!

            Comment


            • #7
              Re: a permissions tool...?

              You're not the only one who wishes for something like that. I wish for that too. But it would only be practical in a small environment. Once you start to be a medium sized business a tool like that would become more and more resource intensive.
              Regards,
              Jeremy

              Network Consultant/Engineer
              Baltimore - Washington area and beyond
              www.gma-cpa.com

              Comment


              • #8
                Re: a permissions tool...?

                I've been in the same situation for years so I recently developed a tool designed for exactly this purpose Its an NTFS permissions reporting tool which can give you a quick and easy way to view how permissions are structured on all of your shares but the filtering capabilities also make it easy to find permissions where a specific user account (or group, or computer account) has been used in permissions, either explicitly or via group membership. I should point out now that the filtering options are only available in the standard edition, but the free edition is still provides a lot more features than the sysinternals products mentioned above so hopefully will still help a lot of people out and be useful (there's no adverts or time limits or anything in it, just a couple of features like the command line support and filtering options are not available).

                Here's a few screenshots so you know what I'm talking about

                Results in tree view format:



                and table format:



                and here are the options you can configure when running a report:



                The idea being that you add all of your main server shares to that list at the top of the window (this list is saved between each time you run the program) and then when you want to check all locations that a user has access to you can just setup the filter to only find that user then tick all of the server shares in that list and run it.

                If you're interested you can find more info and a download link for the free edition here: http://cjwdev.co.uk/Software/NtfsReports/Info.html

                Hope it helps fellow IT Pros out
                Software for IT Pros that I've written: http://www.cjwdev.co.uk/Software.html

                My blog: http://cjwdev.wordpress.com

                Comment


                • #9
                  Re: a permissions tool...?

                  I highly recommend Chris's tool as well as I have been using it myself quite a lot.
                  However I will need to clarify though that although you can use the filtering option in the tool you have to be aware of the fact that's already been mentioned. NTFS Permissions are assigned to folders and files so you'll need to enumerate through them first and then filter out the results based on the user.
                  Caesar's cipher - 3

                  ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

                  SFX JNRS FC U6 MNGR

                  Comment


                  • #10
                    Re: a permissions tool...?

                    Chris, looks interesting and I intend to try it out
                    A couple of questions:
                    1) is there an evaluation version of the standard edition to try the additional features
                    2) (cheeky request) would you consider offering Petri readers a discount?
                    Tom Jones
                    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                    PhD, MSc, FIAP, MIITT
                    IT Trainer / Consultant
                    Ossian Ltd
                    Scotland

                    ** Remember to give credit where credit is due and leave reputation points where appropriate **

                    Comment


                    • #11
                      Re: a permissions tool...?

                      Thanks

                      In response to your questions:

                      1) I'm afraid there is no trial version of the standard edition at the moment, however you can just install the free edition and use that as an evaluation because that will still let you build the filters (so you can see what would be possible in the standard edition) but you just can't actually save or apply them. Obviously you can't test the command line support as its not available in the free edition at all (other than the /paths command to facilitate the explorer right click option) but you can see the available command line options and detailed descriptions here: http://www.cjwdev.co.uk/Software/Ntf...Ntfsv1-cmd.png
                      The reason I don't provide a full evaluation/trial version is because programs written in .NET are extremely easy to decompile so it would be very easy for someone to download the trial and then see where it is storing the information that tells it when the trial has expired and circumvent it.

                      2) I'm afraid not as I think I've already made it very cheap compared to other products. For example one of the rival products starts at $600 for a Site License (they don't offer single licenses) and has a $200 annual maintenance fee. Where as you can get a single license of my product for $150 and a Site License for $350, plus all of my licenses include free upgrades to all future versions. Sorry I hope this isn't starting to sound like a sales pitch, but you did ask I will say though that I have given discounts to a lot of people that helped test the BETA and provided good feedback, so if anyone did provide feedback on the BETA but has not received a discount code yet feel free to let me know and I'll send you one
                      Software for IT Pros that I've written: http://www.cjwdev.co.uk/Software.html

                      My blog: http://cjwdev.wordpress.com

                      Comment


                      • #12
                        Re: a permissions tool...?

                        No worries -- both worth a try!
                        Tom Jones
                        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                        PhD, MSc, FIAP, MIITT
                        IT Trainer / Consultant
                        Ossian Ltd
                        Scotland

                        ** Remember to give credit where credit is due and leave reputation points where appropriate **

                        Comment

                        Working...
                        X