Click here to get back home

Finding folders where user was specifically given access
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Finding folders where user was specifically given access Jordan 09-11-2006
Posted by Jordan on September 11, 2006, 1:45 pm
Please log in for more thread options
 There are some folders on the network that some users have been given
specific access. The users are no longer here and I need to find the
folders where their name was specifically given access. Is there a script
or something that I can use to find folders with their specifically named
access?




Posted by Steven L Umbach on September 11, 2006, 10:58 pm
Please log in for more thread options
 There might be but you can also use ShareEnum or Dumpsec to get a report of
share permissions and then review for the user names. These are free tools.
Subinacl can be used to search a computer for user for NTFS permissions and
ownership.

Steve

http://www.sysinternals.com/Utilities/ShareEnum.html --- ShareEnum
http://www.somarsoft.com/ --- Dumpsec


> There are some folders on the network that some users have been given
> specific access. The users are no longer here and I need to find the
> folders where their name was specifically given access. Is there a script
> or something that I can use to find folders with their specifically named
> access?
>
>
>



Posted by Roger Abell [MVP] on September 12, 2006, 1:22 am
Please log in for more thread options
In the future consider use of groups that are well named to reflect
where they are used to grant access, and what access. Then,
your current issue is one of merely finding in what groups the
account holds membership, which is simple to do.

> There are some folders on the network that some users have been given
> specific access. The users are no longer here and I need to find the
> folders where their name was specifically given access. Is there a script
> or something that I can use to find folders with their specifically named
> access?
>
>
>



Posted by Jordan on September 12, 2006, 2:01 pm
Please log in for more thread options
Unfortunately, sometimes the access is so specific that it makes using
groups even more difficult to manage than just giving the user the access.
Also, the keepers / accumulators of the data often do not realize the
reprecussions of their haphazard folder making and create the problem that I
need to accomidate.


> In the future consider use of groups that are well named to reflect
> where they are used to grant access, and what access. Then,
> your current issue is one of merely finding in what groups the
> account holds membership, which is simple to do.
>
>> There are some folders on the network that some users have been given
>> specific access. The users are no longer here and I need to find the
>> folders where their name was specifically given access. Is there a
>> script
>> or something that I can use to find folders with their specifically named
>> access?
>>
>>
>>
>
>
>



Posted by Roger Abell [MVP] on September 12, 2006, 10:20 pm
Please log in for more thread options
understood, but still . . . (below)

> Unfortunately, sometimes the access is so specific that it makes using
> groups even more difficult to manage than just giving the user the access.

There is a short term and a long term cost/benefit to consider.
What you say is true if one overlooks the long term.

> Also, the keepers / accumulators of the data often do not realize the
> reprecussions of their haphazard folder making and create the problem that
> I need to accomidate.
>
Folders can be defined for their sharing needs such that they cannot change
the accesses on them. Now, being creator, and hence owner of what they
add does allow them to grant other than intended. First, this is capped by
use of effective share level permissions so that in fact they could only set
NTFS permissions that are subsets of the share level and have their changed
permissions effective as intended. If you set the permissions to meet the
intended/needed sharing, and defined a template for those permissions, and
periodically analyzed with the template, then: 1) you would see whatever is
altered from the intended, 2) you could provide areas for those new uses,
and 3) you could apply the template to put things back as intended (enough
of this and the users discover that they need to get an area defined for the
differing usage).
Storage administration is not always easy, and at times you must decide
to either be hard and hold a line, or to give up and deal with chaos.


>> In the future consider use of groups that are well named to reflect
>> where they are used to grant access, and what access. Then,
>> your current issue is one of merely finding in what groups the
>> account holds membership, which is simple to do.
>>
>>> There are some folders on the network that some users have been given
>>> specific access. The users are no longer here and I need to find the
>>> folders where their name was specifically given access. Is there a
>>> script
>>> or something that I can use to find folders with their specifically
>>> named
>>> access?
>>>
>>>
>>>
>>
>>
>>
>
>



Similar ThreadsPosted
Finding all ntfs folders showing a specific group in ACL... March 26, 2008, 4:43 pm
Hiding folders that a user does not have rights to access - WebDAV January 2, 2008, 2:37 pm
Finding Which Application Requires Specific User Privilege? December 26, 2006, 3:17 am
User folders permissions. June 7, 2007, 3:40 pm
Hide folders / files with no access October 4, 2006, 12:10 pm
Accessing folders owned by another user? December 6, 2007, 1:46 pm
Pulling out users different EFFECTIVE access rights to folders? June 29, 2005, 5:15 am
Read-Only Access to the entire server - everything , not just the Files & Folders October 23, 2005, 8:12 pm
Re: Admin access to roaming profiles (existing folders) November 19, 2007, 11:32 am
Re: Admin access to roaming profiles (existing folders) November 19, 2007, 11:20 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap