|
Posted by Steven L Umbach on March 30, 2006, 11:26 pm
Please log in for more thread options
I would not think what he did was unusual necessarily but I don't know all
the details. There are free tools you can use such as dumpsec that can scan
computers for folder and share permissions but it can not be configured to
look for only folders that a specific user has only permissions for his user
account. Showacls is supposed to be able to look for permissions by user but
I have had flaky results for it. You can use subinacl to search for the
owner of folders and a WHOLE lot more on a computer once you figure out it's
syntax. That user may be the owner of such folders. The links below may
help. --- Steve
http://www.somarsoft.com/ -- dumpsec
http://technet2.microsoft.com/WindowsServer/en/Library/ed34eee3-7dbd-44c6-8fb8-8b8b2c6f06dc1033.mspx
--- showacls, subinacl, and others
http://www.microsoft.com/downloads/details.aspx?FamilyID=E8BA3E56-D8FE-4A91-93CF-ED6985E3927B&displaylang=en
--- subinacl download
>I have a user that was a domain admin. I have found several folders sitting
>out there on various servers that have been restricted to his user account
>only, I had to take ownership to be able to delete the folders.
>
> Is there a program that can scan my servers for these weird security
> permissions looking for other things that he may have done?
>
> Dennis
>
>
| 
XML Sitemap