Several years ago I used a trial version of ScriptLogic's Enterprise Security Reporter. It did a rather excellent job of running permissions scans and group membership enumeration. I believe they still have the tool and you could run a trial if you're just looking for a one-time report.
I do also second scripting it with PowerShell, but only because I do that. It might be a bit out of scope to learn scripting enough to be workable that way. On Wed, Jun 3, 2009 at 5:51 AM, <[email protected]> wrote: > Thank you all for the running start I will test the various tools that was > mentioned and report back which one I think did the job best! > > Sent from my Verizon Wireless BlackBerry > > ------------------------------ > *From*: Tim Mugherini > *Date*: Tue, 2 Jun 2009 21:21:05 -0400 > *To*: PaulDotCom Security Weekly Mailing List< > [email protected]> > *Subject*: Re: [Pauldotcom] Folder and File Permission > > Dumpsec is your friend! Been around since NT 4 days and still useful. May I > suggest tweaking the settings to only show files and subfolders that differ > from parent and dumpt ACL perms and not share perms (since that is what it > sounds like what your after). Can be exported out. > > *http://www.systemtools.com/download/dumpacl.zip. > > * > On Tue, Jun 2, 2009 at 7:55 PM, Jody & Jennifer McCluggage < > [email protected]> wrote: > >> Hello, >> >> You may want to check out PowerShell. It is very flexible and has a >> "get-acl" commandlet that will return the permission on a list of folders >> and files. Here is a quick rough example: >> >> get-childitem C:\example -recurse | get-acl | select-object >> path,owner,group,accesstostring | sort-object owner | export-csv >> c:\FileACL.csv >> >> This command will pipe out to a csv file the Owner, Group, Path, and >> Permission string (sorted by owner) for each folder and file for the given >> parent directory. If you are looking just for specific permissions, you >> can >> probably pipe it out to a where-object command. Of course, depending upon >> the size of the directory you are scanning, this may take awhile to run. >> >> >> Jody >> >> -----Original Message----- >> From: [email protected] >> [mailto:[email protected]] On Behalf Of >> [email protected] >> Sent: Tuesday, June 02, 2009 6:13 PM >> To: PaulDotCom Security Weekly Mailing List >> Subject: [Pauldotcom] Folder and File Permission >> >> Hello All: >> >> I am looking for a way to scan all the files and folder on a set of >> Windows >> share to see who has read/write/deny permission. I tried using accessenum >> but since its so much individual files its kind of messy to go through. >> >> What are others using when the are giving a network and have to record who >> has what access? >> Sent from my Verizon Wireless BlackBerry >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> No virus found in this incoming message. >> Checked by AVG - www.avg.com >> Version: 8.5.339 / Virus Database: 270.12.51/2151 - Release Date: 06/02/09 >> 17:53:00 >> >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
