Security Basics mailing list archives
RE: File Permission Audit Tool - Windows
From: "Martyn Smith" <MSmith () col-westanglia ac uk>
Date: Wed, 26 Sep 2007 16:34:19 +0100
You can also use SetACL to do an ACL backup recursively which you can then compare against your desired policy. Martyn Smith IT Network Coordinator The College of West Anglia -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Big Joe Jenkins Sent: 26 September 2007 14:49 Cc: security-basics () securityfocus com; security-basics-return-45887 () securityfocus com Subject: Re: File Permission Audit Tool - Windows Microsoft Baseline Security Analyzer does a nice job of summarizing permissions set on our shared folders on whatever system you run it against. This won't help with non-shared folders, but it may be a good start. On Tue, 25 Sep 2007, krymson () gmail com wrote:
I wish I could give you an easy open source/free tool, but I can't. Hopefully someone else can so I can also use it. :) In case you do talk to some vendors, the biggest problem with reporting permissions is dealing with duplicates. Tools like xcacls will report every single object or folder, whether it is inherited or different from its parent. You really want to eliminate all that garbage and only report explicit permissions, with the assumption that inheritance is otherwise present downstream. Almost an exception report. 1) Free, but nearly useless You could use cacls/xcacls, but the output you get will be next to useless. 2) Free, but a little effort Windows PowerShell allows for some excellent scripting of permissions audits and other such stuff. If you know PS, you should use this as it affords you a lot of customizable power. 3) Commercial, but very cool I really enjoyed my trials of ScriptLogic's Enterprise Security Reporter [1] a year ago. You can get some nice reports on permissions [1] http://www.scriptlogic.com/products/enterprisesecurityreporter/ <- snip -> I am looking for audit tool that will give me a report on all the file permission on a windows 2000/2003 servers. I will prefer open source but would be willing to look at commercial software if it is superior.
********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error you must take no action based on them - nor must you copy or show them to anyone. Please notify the College of West Anglia on 44 - (0) 1553 815325. This email contains the views of the sender and may not be respresentative of the views of The College of West Anglia. This footnote also confirms that this email message has been swept for the presence of computer viruses. **********************************************************************
Current thread:
- Re: File Permission Audit Tool - Windows krymson (Sep 25)
- Re: File Permission Audit Tool - Windows John Mason Jr (Sep 26)
- Re: File Permission Audit Tool - Windows Big Joe Jenkins (Sep 26)
- RE: File Permission Audit Tool - Windows Martyn Smith (Sep 26)
- <Possible follow-ups>
- Re: File Permission Audit Tool - Windows jfvanmeter (Sep 26)
- RE: File Permission Audit Tool - Windows Herb Martin (Sep 26)
- Re: File Permission Audit Tool - Windows Jay (Sep 26)
- Re: RE: File Permission Audit Tool - Windows b2loggie (Sep 27)