Clicky

My boss is asking that I generate a list or report from our home directory servers (2k3 systems), that will provide ACLs and or NTFS permissions detailing who has access to what. We want to run an audit on our home directories to make sure all ACLs are similiar that Administrators have Full rights, Systems have full rights, and the user who the home directory belongs to have up to modify rights on there home folder. So generating a list that will show anything out of the norm would help as well. Max points granted.

asked 09/08/2011 03:21

ksol's gravatar image

ksol ♦♦


6 Answers:
A simple utility for this is Sysinternal's AccessEnum. It's available here: http://technet.microsoft.com/en-us/sysinternals/bb897332

-Matt-
link

answered

connectex's gravatar image

connectex

The way home directories are set on my network (see attachment). every user has a home folder with up to modify rights only, and ADMINISTRATOR and SYSTEM has full control of each user's home directory folder. We want to keep in within that standards. As of late, we noticed that some user's home directory folder can be accessed by someone else (non-admin). Being that we have hundreds of users home directory folder, we need a tool that would just audit, and let us know if there is something out of the norm or standards. Maybe if there is a command we can run natively on the server like icacls commands, that would help. Something that will produce a report that is not granular.          
Doc1.docx
  • 142 KB
  • home directories structure
Doc1.docx
    link

    answered 2011-09-08 at 11:33:33

    ksol's gravatar image

    ksol

    AccessEnum will dump the user rights assignments in to a printable/reviewable format. If you want something customized to your exact needs, I recommended creating script (VBScript, PowerShell, etc.) to review and report on any non-standard permissions. Basically it's recurse through all subfolders (one or multiple levels, as needed), retrieve and check rights skip over administrator, system, username. Report any other entries in the permissions list, Next folder until subfolder list is complete.

    -Matt-
    link

    answered 2011-09-08 at 13:33:44

    connectex's gravatar image

    connectex

    Another possiblity is to use something like SetACL or icalcs in a batch file or such. To set the permissions as desired. This won't let you audit them but if ran on a regular basis it will reset them to a known state.

    -Matt-
    link

    answered 2011-09-08 at 13:57:39

    connectex's gravatar image

    connectex

    I found a tool called Hyena that did the job.
    link

    answered 2011-09-08 at 13:59:50

    ksol's gravatar image

    ksol

    This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.

    link

    answered 2011-09-23 at 13:01:45

    Tolomir's gravatar image

    Tolomir

    Your answer
    [hide preview]

    Follow this question

    By Email:

    Once you sign in you will be able to subscribe for any updates here

    By RSS:

    Answers

    Answers and Comments

    Tags:

    Asked: 09/08/2011 03:21

    Seen: 306 times

    Last updated: 11/18/2011 05:22