Educause Security Discussion mailing list archives

RESENT - File Sharing with Active Directory (AD) - migrating off of Novel File Sharing


From: "Conlee, Keith" <Conlee () COD EDU>
Date: Mon, 22 Feb 2010 15:39:55 -0600

TOPIC:  Security and File Sharing using Microsoft Active Directory (AD)

I apologize for resending this message.  The first time my Subject line was the generic date/time of issue of the 
current Security Digest and not about the topic of the text I posted.

We implement file sharing with Novell but will soon be migrating off of Novell and implementing file sharing with AD.  
With Novell file sharing the files/folders a user has access to are attributes of the user's Novell account (under the 
"Memberships", and "Rights to Files/Folders" tabs).  So it is very easy to find out what shared files/folders a user 
has access just by looking at what in recorded in the user's individual Novell account information.  BUT with 
implementing file sharing with AD, the designation of what files/folders a user has access is an attribute of each file 
or folder (at Properties->Security tab).  So with AD file sharing it is extremely difficult to know what files/folders 
an individual user has access to without going to each shared file/folder in the system and look to see if the user has 
access to it.  HELP!

QUESTION:  Is there a utility or a methodology out there somewhere that can be run against an AD file sharing 
implementation that I can execute with "user ID" variable that will generate a report of what files/folders the 
specified "user ID" has access to?

Thanks for any help you can give.  If you just want to contact me directly, my contact information is below.

Keith Conlee, CISSP, CBCP
Chief Security Officer, IT
College of DuPage
425 Fawell Blvd.
Glen Ellyn, IL 60137-6599

Ph. - 630.942.3055
Fax. - 630.790.0325 

Current thread: