Security Basics mailing list archives

RE: File Permission Audit Tool - Windows


From: "Herb Martin" <HerbM () LearnQuick Com>
Date: Wed, 26 Sep 2007 11:06:22 -0400

you could run cacls and dump it to a file for review later.

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/cacls.mspx?mfr=true

Along those lines are:  The built-in xcacls.exe (eXtended change access
control list) which offers more detail and control, or SetAcl.exe from
SourceForge which offers (nearly) full control and display of permissions
on most any object (not just NTFS files).  SetAcl probably has one of the
top three most irritating command line switch sets ever devised but this
is due mostly to the large number of things it can set and control.

In case you do talk to some vendors, the biggest problem with reporting
permissions is dealing with duplicates. Tools like xcacls will report every
single object or folder, whether it is inherited or different from its parent.
You really want to eliminate all that garbage and only report explicit
permissions, with the assumption that inheritance is otherwise present
downstream. Almost an exception report.

There is an inherent problem (not insurmountable) with this type of strategy
as every file or object technically has its own permission EVEN IF those
permissions are inherited -- it is possible to programmatically distinguish
inherited permissions from explicitly set permissions in Win2000 and later 
(i.e., not for NT) however.


--
Herb Martin, MCSE MVP
512 388 7339
http://www.LearnQuick.Com
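
The "exception report" discussed in this message, as an added example that is not part of the original post: it uses PowerShell's Get-Acl and the IsInherited property on each access rule to list only explicitly set permissions. The function name and the path in the usage comment are hypothetical.

```powershell
# Added example: list only explicitly set ACEs under a root folder.
function Get-ExplicitPermission {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Root   # folder to audit (caller-supplied)
    )

    # Audit the root itself, then every file and folder below it.
    $items = @(Get-Item -LiteralPath $Root -Force) +
             @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        try {
            $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
        } catch {
            # An unreadable ACL is itself a finding; do not drop it silently.
            [pscustomobject]@{
                Path = $item.FullName; Identity = '<ACL unreadable>'
                Rights = $null; Type = $null; InheritanceBlocked = $null
            }
            continue
        }

        # IsInherited is $false only for ACEs set directly on this object.
        $explicit = @($acl.Access | Where-Object { -not $_.IsInherited })

        # A protected DACL blocks inheritance from the parent. Report the
        # object even when no explicit ACE remains (nobody is granted access).
        if ($explicit.Count -eq 0 -and $acl.AreAccessRulesProtected) {
            [pscustomobject]@{
                Path = $item.FullName; Identity = '<no ACEs>'
                Rights = $null; Type = $null; InheritanceBlocked = $true
            }
        }

        foreach ($ace in $explicit) {
            [pscustomobject]@{
                Path               = $item.FullName
                Identity           = $ace.IdentityReference.Value
                Rights             = $ace.FileSystemRights
                Type               = $ace.AccessControlType   # Allow or Deny
                InheritanceBlocked = $acl.AreAccessRulesProtected
            }
        }
    }
}

# Usage (placeholder path):
# Get-ExplicitPermission -Root 'D:\Shares\Example' | Export-Csv explicit-acl.csv -NoTypeInformation
```

Objects that only inherit from their parent produce no rows, so the output stays limited to the places where permissions actually change.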




