Re: viewing all permissions

From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 12/10/04 

Date: Thu, 9 Dec 2004 16:44:16 -0700

Of course, figuring out if your servers are secure is more than just
knowing the accesses defined in NTFS and the shares.

However, for the NTFS and shares part, what can often be more
productive, even in the near-term but especially in the long run, is
to step back and ask
1. what is stored here - and map it out
2. who should be able to get to what and in which ways
then, ask
3. can I reorganize this at all so that things are more uniform
    (stuff with same answer to 2 maybe can be stored together
     rather than in bits and pieces on 4 partitions, etc.)

Now, if you really did 1 and 2 completely, then you should be
able to just ACL it so that it is as it should be.
Access that get broken are not supposed to be allowed.

And, if you can do 3 effectively, then you should end up with a
not too complicated, irregularly ACLed store, and that means
one for which you can likely define a security template so that
you can in the future
a) analyze and see if anything is not ACL'd as it should be
b) apply so that it is as it should be if it gets out of line

If the storage does not involve a lot of per-account personal
stores, and if your custom groups are already defined so you
can answer 2 in terms of them, then often doing 1 and 2 is
less effort than trying to read the dumpsec and similar programs'
outputs and then thunking through them. 

-- 
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCDBA,  MCSE W2k3+W2k+Nt4
"dimsdale_007" <dimsdale007@discussions.microsoft.com> wrote in message 
news:46EAE83C-A2D2-4783-97F8-BF04117D5C9A@microsoft.com...
> looking for software that will scour network or even a server at a time 
> and
> come up with a list of permissions for each folder/file on the server.  i
> don't want to have to do a manual command line list for each folder/file 
> on
> every server.  i have the wonderful job of figuring out if my servers are
> secure..woohoo
>
> if anyone knows how to do this in windows or any 3rd party software i'd
> appreciate it!
>
> thanks!

Relevant Pages

  • Re: NTFS - Is it reliable?
    ... works under Novell Netware on XP clients, but not on 2003 server under XP clients. ... I assume that it uses NTFS by default, and I am also assuming that this is the cause of my ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Processing a Computer List
    ... NT Advanced Server - Personal ... D$ NTFS 114479 89074 25405 ... Computer Browser ... Network Card: ...
    (comp.lang.perl.misc)
  • Re: Processing a Computer List
    ... NT Advanced Server - Personal ... D$ NTFS 114479 89074 25405 ... Network Card: ... Registered Owner: home ...
    (comp.lang.perl.misc)
  • Re: Linux for Network Attached Storage?
    ... >>response the person helping him pointed out who is the one lost. ... Linux will not do what you asked for, ... >>This war makes it difficult to support NTFS, ... >>If your requirement is a file server that sits on an NTFS disk your best ...
    (alt.os.linux.redhat)
  • RE: Windows 2003 Server Terminal Services
    ... For instance you could deny access to Outlook through NTFS ... All that's left is to remove access to the task manager, ... accessing applications which they should run. ... MCSE, CCEA, Microsoft MVP - Terminal Server ...
    (microsoft.public.windows.terminal_services)