Re: File Permission Audit Tool - Windows

[Big Joe Jenkins <swarzkopf () legolas sinnerz us>]

Microsoft Baseline Security Analyzer does a nice job of summarizing 
permissions set on our shared folders on whatever system you run it 
against.

This won't help with non-shared folders, but it may be a good start.


On Tue, 25 Sep 2007, krymson () gmail com wrote:

> I wish I could give you an easy open source/free tool, but I can't. Hopefully someone else can so I can also use it. :)
>
> In case you do talk to some vendors, the biggest problem with reporting permissions is dealing with duplicates. Tools 
> like xcacls will report every single object or folder, whether it is inherited or different from its parent. You really 
> want to eliminate all that garbage and only report explicit permissions, with the assumption that inheritance is 
> otherwise present downstream. Almost an exception report.
>
>
> 1) Free, but nearly useless
> You could use cacls/xcacls, but the output you get will be next to useless.
>
> 2) Free, but a little effort
> Windows PowerShell allows for some excellent scripting of permissions audits and other such stuff. If you know PS, you 
> should use this as it affords you a lot of customizable power.
>
> 3) Commercial, but very cool
> I really enjoyed my trials of ScriptLogic's Enterprise Security Reporter [1] a year ago. You can get some nice reports 
> on permissions
>
> [1] http://www.scriptlogic.com/products/enterprisesecurityreporter/
>
> <- snip ->
> I am looking for audit tool that will give me a report on all the file permission on a windows 2000/2003 servers. I 
> will prefer open source but would be willing to look at commercial software if it is superior.