Re: File Permission Audit Tool - Windows

[John Mason Jr <john.mason.jr () cox net>]

<http://www.microsoft.com/technet/sysinternals/Security/AccessEnum.mspx>

Might assist in filtering some of the output


John



krymson () gmail com wrote:
> I wish I could give you an easy open source/free tool, but I can't. Hopefully someone else can so I can also use it. 
> :)
>
>
>
> In case you do talk to some vendors, the biggest problem with reporting permissions is dealing with duplicates. Tools 
> like xcacls will report every single object or folder, whether it is inherited or different from its parent. You 
> really want to eliminate all that garbage and only report explicit permissions, with the assumption that inheritance 
> is otherwise present downstream. Almost an exception report.
>
>
>
>
>
> 1) Free, but nearly useless
>
> You could use cacls/xcacls, but the output you get will be next to useless.
>
>
>
> 2) Free, but a little effort
>
> Windows PowerShell allows for some excellent scripting of permissions audits and other such stuff. If you know PS, 
> you should use this as it affords you a lot of customizable power.
>
>
>
> 3) Commercial, but very cool
>
> I really enjoyed my trials of ScriptLogic's Enterprise Security Reporter [1] a year ago. You can get some nice 
> reports on permissions
>
>
>
> [1] http://www.scriptlogic.com/products/enterprisesecurityreporter/
>
>
>
> <- snip ->
>
> I am looking for audit tool that will give me a report on all the file permission on a windows 2000/2003 servers. I 
> will prefer open source but would be willing to look at commercial software if it is superior.