Need a tool
Netstudent
Member Posts: 1,693 ■■■□□□□□□□
in Off-Topic
Does anyone know of a good tool that will go out and audit the NTFS security permissions on files and folders. We used script logics **** ACL but it isn't concise and **** out way too much uneeded crap.
Already tried MS' **** Sec. Anyone know of any others?
Already tried MS' **** Sec. Anyone know of any others?
There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!
Comments
-
Slowhand
Mod Posts: 5,161 Mod
Sounds like a job for the scripting-gurus. I read a little about being able to audit NTFS permissions with both Kixtart and PowerShell, but I'm not nearly script-savvy enough to give advice on how to do it.
Free Microsoft Training: Microsoft Learn
Free PowerShell Resources: Top PowerShell Blogs
Free DevOps/Azure Resources: Visual Studio Dev Essentials
Let it never be said that I didn't do the very least I could do. -
astorrs
Member Posts: 3,139 ■■■■■■□□□□
If you want to do this on a single server, AccessEnum from Sysinternals will do it. If you want to do it on multiple machines all I have experience with is Ecora.
And Ecora is too expensive for everyone... except maybe Ecora. -
pwjohnston
Member Posts: 441
Netstudent wrote:Does anyone know of a good tool that will go out and audit the NTFS security permissions on files and folders. We used script logics **** ACL but it isn't concise and **** out way too much uneeded crap.
Already tried MS' **** Sec. Anyone know of any others?
http://www.scriptlogic.com/ might have something for it. -
Netstudent
Member Posts: 1,693 ■■■□□□□□□□
We already tried Script logic's **** ACL and it isn;t very good. Thanks though.
Astors,
They have several products. Did you use Ecora Auditor Pro?
They have a trial version I could use, but it looks like a full blown solution.
I just tried AccessEnum but it **** audits on all the files. I actually just need the folder permissions for home directories.There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1! -
astorrs
Member Posts: 3,139 ■■■■■■□□□□
Yeah I wasn't really suggesting Ecora, its 900 times more than you need.
Okay, maybe I'll ask a few questions instead:
What do you plan on doing with this output? What format do you want (e.g., spreadsheet)? Are you going to compare it regularly to look for changes, is this a one time check, etc. -
blargoe
Member Posts: 4,174 ■■■■■■■■■□
+1. I tried this for the first time last week to check permissions on our user home folders.astorrs wrote:If you want to do this on a single server, AccessEnum from Sysinternals will do it.
If you have Hyena, you can also generate a report to tell you the security on each folder and subfolder of a share.IT guy since 12/00
Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
Working on: RHCE/Ansible
Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands... -
Ahriakin
Member Posts: 1,799 ■■■■■■■■□□
+2 For AccessEnum. I wouldn't worry about the amount of data it gives you, save the scan as a .txt and then load it into Excel and it should auto-sort into columns (if not just use the super useful Text to Columns data option) then just sort and crop away, should take less than 30 seconds to have it in a useful format.We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
