Educause Security Discussion mailing list archives

Re: RESENT - File Sharing with Active Directory (AD) - migrating off of Novell File Sharing


From: Chris Green <cmgreen () UAB EDU>
Date: Mon, 22 Feb 2010 16:02:54 -0600

Try: 

http://technet.microsoft.com/en-us/sysinternals/bb664922.aspx

AD does do a good job of displaying what GROUPS someone is a member of, so if you can enforce that most permissions are
done by group, you can take care of most of your typical edge cases.  However, it just takes one lazy ACL to get that
to be a "scan everything".

On the same topic, anyone know a simple way to do similar for SharePoint?

Thanks,
Chris

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Conlee, Keith
Sent: Monday, February 22, 2010 3:40 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] RESENT - File Sharing with Active Directory (AD) - migrating off of Novell File Sharing

TOPIC:  Security and File Sharing using Microsoft Active Directory (AD)

I apologize for resending this message.  The first time my Subject line was the generic date/time of issue of the 
current Security Digest and not about the topic of the text I posted.

We implement file sharing with Novell but will soon be migrating off of Novell and implementing file sharing with AD.
With Novell file sharing the files/folders a user has access to are attributes of the user's Novell account (under the
"Memberships" and "Rights to Files/Folders" tabs).  So it is very easy to find out what shared files/folders a user
has access to just by looking at what is recorded in the user's individual Novell account information.  BUT with
implementing file sharing with AD, the designation of what files/folders a user has access to is an attribute of each
file or folder (at Properties->Security tab).  So with AD file sharing it is extremely difficult to know what
files/folders an individual user has access to without going to each shared file/folder in the system and looking to
see if the user has access to it.  HELP!

QUESTION:  Is there a utility or a methodology out there somewhere that can be run against an AD file sharing
implementation that I can execute with a "user ID" variable that will generate a report of what files/folders the
specified "user ID" has access to?

Thanks for any help you can give.  If you just want to contact me directly, my contact information is below.

Keith Conlee, CISSP, CBCP
Chief Security Officer, IT
College of DuPage
425 Fawell Blvd.
Glen Ellyn, IL 60137-6599

Ph. - 630.942.3055
Fax. - 630.790.0325 
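
The per-folder ACL walk the question asks for, with group membership resolved first as the reply suggests, as an added PowerShell example (not code from the thread or from the Sysinternals tool linked above). The account name, the share path and the use of the ActiveDirectory (RSAT) module are assumptions; the report lists matching ACEs rather than computed effective access.

```powershell
# Added example: list folder ACEs that apply to one user, directly or through groups.
param(
    [string]$SamAccountName = 'jdoe',              # hypothetical account name
    [string]$Root = '\\fileserver\share'           # hypothetical share path
)
Import-Module ActiveDirectory

$user = Get-ADUser -Identity $SamAccountName -Properties PrimaryGroup
# SID -> label for every principal through which the user can be granted access.
$principals = @{ $user.SID.Value = "$SamAccountName (direct ACE)" }

# All nested groups in one query (LDAP_MATCHING_RULE_IN_CHAIN); escape the DN for the filter.
$dn = $user.DistinguishedName -replace '\\','\5c' -replace '\(','\28' -replace '\)','\29' -replace '\*','\2a'
Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$dn)" | ForEach-Object { $principals[$_.SID.Value] = $_.Name }

# The primary group (usually Domain Users) is not stored in 'member', so add it separately.
$pg = Get-ADGroup -Identity $user.PrimaryGroup
$principals[$pg.SID.Value] = $pg.Name

# Well-known SIDs that apply to any authenticated domain user.
$principals['S-1-1-0']  = 'Everyone'
$principals['S-1-5-11'] = 'Authenticated Users'

# Walk the tree; the access list lives on each folder, so every folder has to be read.
$folders = @(Get-Item -LiteralPath $Root) + @(Get-ChildItem -LiteralPath $Root -Recurse -Directory -ErrorAction SilentlyContinue)
$report = foreach ($dir in $folders) {
    try { $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction Stop } catch { continue }
    # Request SIDs so renamed or unresolvable accounts still compare correctly.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        if ($principals.ContainsKey($sid)) {
            [pscustomobject]@{
                Path      = $dir.FullName
                Via       = $principals[$sid]      # group name, or the direct user ACE
                Type      = $rule.AccessControlType
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}
$report | Sort-Object Path, Via | Format-Table -AutoSize
```

Rows whose Via column shows the direct ACE are the per-user entries that force a full scan; everything else can be answered from group membership alone.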
