you may also want to check out accesschk accessenum shareenum
from sysinternals http://technet.microsoft.com/en-us/sysinternals/bb664922.aspx On Wed, Jun 3, 2009 at 11:12 AM, ben smith <[email protected]> wrote: > I've used ScriptLogic's ESR as well, and it does produce some excellent > reports. > Bindview was a great tool, but I think it's a bit overpriced these days. > > On Wed, Jun 3, 2009 at 12:38 PM, Michael Dickey <[email protected]>wrote: > >> Several years ago I used a trial version of ScriptLogic's Enterprise >> Security Reporter. It did a rather excellent job of running permissions >> scans and group membership enumeration. I believe they still have the tool >> and you could run a trial if you're just looking for a one-time report. >> >> I do also second scripting it with PowerShell, but only because I do that. >> It might be a bit out of scope to learn scripting enough to be workable that >> way. >> >> >> >> >> >> On Wed, Jun 3, 2009 at 5:51 AM, <[email protected]> wrote: >> >>> Thank you all for the running start I will test the various tools that >>> was mentioned and report back which one I think did the job best! >>> >>> Sent from my Verizon Wireless BlackBerry >>> >>> ------------------------------ >>> *From*: Tim Mugherini >>> *Date*: Tue, 2 Jun 2009 21:21:05 -0400 >>> *To*: PaulDotCom Security Weekly Mailing List< >>> [email protected]> >>> *Subject*: Re: [Pauldotcom] Folder and File Permission >>> >>> Dumpsec is your friend! Been around since NT 4 days and still useful. May >>> I suggest tweaking the settings to only show files and subfolders that >>> differ from parent and dumpt ACL perms and not share perms (since that is >>> what it sounds like what your after). Can be exported out. >>> >>> *http://www.systemtools.com/download/dumpacl.zip. >>> >>> * >>> On Tue, Jun 2, 2009 at 7:55 PM, Jody & Jennifer McCluggage < >>> [email protected]> wrote: >>> >>>> Hello, >>>> >>>> You may want to check out PowerShell. It is very flexible and has a >>>> "get-acl" commandlet that will return the permission on a list of >>>> folders >>>> and files. Here is a quick rough example: >>>> >>>> get-childitem C:\example -recurse | get-acl | select-object >>>> path,owner,group,accesstostring | sort-object owner | export-csv >>>> c:\FileACL.csv >>>> >>>> This command will pipe out to a csv file the Owner, Group, Path, and >>>> Permission string (sorted by owner) for each folder and file for the >>>> given >>>> parent directory. If you are looking just for specific permissions, you >>>> can >>>> probably pipe it out to a where-object command. Of course, depending >>>> upon >>>> the size of the directory you are scanning, this may take awhile to run. >>>> >>>> >>>> Jody >>>> >>>> -----Original Message----- >>>> From: [email protected] >>>> [mailto:[email protected]] On Behalf Of >>>> [email protected] >>>> Sent: Tuesday, June 02, 2009 6:13 PM >>>> To: PaulDotCom Security Weekly Mailing List >>>> Subject: [Pauldotcom] Folder and File Permission >>>> >>>> Hello All: >>>> >>>> I am looking for a way to scan all the files and folder on a set of >>>> Windows >>>> share to see who has read/write/deny permission. I tried using >>>> accessenum >>>> but since its so much individual files its kind of messy to go through. >>>> >>>> What are others using when the are giving a network and have to record >>>> who >>>> has what access? >>>> Sent from my Verizon Wireless BlackBerry >>>> _______________________________________________ >>>> Pauldotcom mailing list >>>> [email protected] >>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>>> Main Web Site: http://pauldotcom.com >>>> No virus found in this incoming message. >>>> Checked by AVG - www.avg.com >>>> Version: 8.5.339 / Virus Database: 270.12.51/2151 - Release Date: >>>> 06/02/09 >>>> 17:53:00 >>>> >>>> _______________________________________________ >>>> Pauldotcom mailing list >>>> [email protected] >>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>>> Main Web Site: http://pauldotcom.com >>>> >>> >>> >>> _______________________________________________ >>> Pauldotcom mailing list >>> [email protected] >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>> Main Web Site: http://pauldotcom.com >>> >>> >> >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
