Guest Will Posted July 29, 2008 Posted July 29, 2008 Is there a utility that will show which ACLs (chaining up from the current folder location) is the one that is responsible for each effective permission a user has on a file or folder? I have always understood that Modify permission in an ACL only gives the user the ability to change data, and not the ACL itself. Changing the ACL itself requires Full Control permission. I have a user with Modify access to a folder who is somehow able to add new users into the ACL. When you look at Effective permissions he does have the "Change Permission" permission. The thing we cannot figure out is where is this being inherited from. -- Will
Guest Haoqiang Posted July 29, 2008 Posted July 29, 2008 RE: User With Modify Permission Able to Add Users to ACL? You can download a tool named perms.exe from microsoft website. "Will" wrote: > Is there a utility that will show which ACLs (chaining up from the current > folder location) is the one that is responsible for each effective > permission a user has on a file or folder? > > I have always understood that Modify permission in an ACL only gives the > user the ability to change data, and not the ACL itself. Changing the ACL > itself requires Full Control permission. I have a user with Modify > access to a folder who is somehow able to add new users into the ACL. > When you look at Effective permissions he does have the "Change Permission" > permission. The thing we cannot figure out is where is this being > inherited from. > > -- > Will > > >
Guest Will Posted July 29, 2008 Posted July 29, 2008 Re: User With Modify Permission Able to Add Users to ACL? That's not what I am looking for. Perms appears to just dump permissions of files in the specified folder. I'm looking for something more in the spirit of the wonderful group policy tool "resultant set of policies" (RSOP) that shows you for any given policy which group policy made the setting. In terms of ACL security settings, the tool I am looking for would traverse the inheritance path of folders and file and determine which of the current - or inherited - ACL settings accounts for a given effective permission. -- Will "Haoqiang" <Haoqiang@discussions.microsoft.com> wrote in message news:69350EBA-2E63-4225-B133-6152A5A3FE21@microsoft.com... > You can download a tool named perms.exe from microsoft website. > > > "Will" wrote: > >> Is there a utility that will show which ACLs (chaining up from the >> current >> folder location) is the one that is responsible for each effective >> permission a user has on a file or folder? >> >> I have always understood that Modify permission in an ACL only gives the >> user the ability to change data, and not the ACL itself. Changing the >> ACL >> itself requires Full Control permission. I have a user with Modify >> access to a folder who is somehow able to add new users into the ACL. >> When you look at Effective permissions he does have the "Change >> Permission" >> permission. The thing we cannot figure out is where is this being >> inherited from. >> >> -- >> Will >> >> >>
Guest Special Access Posted July 29, 2008 Posted July 29, 2008 Re: User With Modify Permission Able to Add Users to ACL? On Mon, 28 Jul 2008 22:48:09 -0700, "Will" <westes-usc@noemail.nospam> wrote: >That's not what I am looking for. Perms appears to just dump permissions >of files in the specified folder. > >I'm looking for something more in the spirit of the wonderful group policy >tool "resultant set of policies" (RSOP) that shows you for any given policy >which group policy made the setting. In terms of ACL security settings, >the tool I am looking for would traverse the inheritance path of folders and >file and determine which of the current - or inherited - ACL settings >accounts for a given effective permission. Have you looked at Dumpsec? It is supposed to dump permssions as well for file and folders, along with other functions. http://www.somarsoft.com/ Mike
Recommended Posts