Jump to content

Wanted: More Advanced Administration Tool(s)

Guest Yarik

By Guest Yarik
in Windows 2003 Server

 Share

Recommended Posts

Guest Yarik

Guest Yarik

Posted
Posted

Hello,

 

Can anyone please recommend any software tool(s) that could help an

administrator (Windows 2003, Windows XP, and eventually Windows

Vista)

to quickly find answers on questions like these:

 

 

(1) For a given computer, show all the resources (files, folders,

registry entries, etc.) that have any permissions/restrictions

specified for a given account (local or domain-level account, user or

group)?

 

 

(2) For a given resource and account, show all the effective

permissions AND WHY EXACTLY EACH OF THESE PERMISSIONS IS WHAT IT IS?

Ideally, the tool should be aware of implied permissions too (like a

resource owner's implicit permission to change permissions for the

resource).

 

 

BTW, it would also be nice if the tool provided some additional help

in managing group memberships. For example, it would be nice if it

allowed to document memberships (i.e. for each group member, document

why exactly does this member has to be in this group).

 

 

Thank you,

Yarik.

  • Replies 3
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Anthony [MVP]

Guest Anthony [MVP]

Posted
Posted

Re: Wanted: More Advanced Administration Tool(s)

 

Yarik,

Have a look at the Sysinternals tools and then see if you need more:

http://technet.microsoft.com/en-us/sysinternals/25e27bed-b251-4af4-b30a-c2a2a93a80d9.aspx.

AccessEnum does most of what you want.

The part of your question that says WHY EXACTLY: you would need to focus

that down to get any useful answer,

Hope that helps,

Anthony,

http://www.airdesk.co.uk

 

 

 

"Yarik" <yarik@garlic.com> wrote in message

news:61e0a54d-5946-49dc-abbc-3b7e812f8d97@r15g2000prh.googlegroups.com...

> Hello,

>

> Can anyone please recommend any software tool(s) that could help an

> administrator (Windows 2003, Windows XP, and eventually Windows

> Vista)

> to quickly find answers on questions like these:

>

>

> (1) For a given computer, show all the resources (files, folders,

> registry entries, etc.) that have any permissions/restrictions

> specified for a given account (local or domain-level account, user or

> group)?

>

>

> (2) For a given resource and account, show all the effective

> permissions AND WHY EXACTLY EACH OF THESE PERMISSIONS IS WHAT IT IS?

> Ideally, the tool should be aware of implied permissions too (like a

> resource owner's implicit permission to change permissions for the

> resource).

>

>

> BTW, it would also be nice if the tool provided some additional help

> in managing group memberships. For example, it would be nice if it

> allowed to document memberships (i.e. for each group member, document

> why exactly does this member has to be in this group).

>

>

> Thank you,

> Yarik.

>

>

Guest Will

Guest Will

Posted
Posted

Re: Wanted: More Advanced Administration Tool(s)

 

"Anthony [MVP]" <anthony@no-reply.com> wrote in message

news:%23ZY3MuS%23IHA.1016@TK2MSFTNGP03.phx.gbl...

> Yarik,

> Have a look at the Sysinternals tools and then see if you need more:

> http://technet.microsoft.com/en-us/sysinternals/25e27bed-b251-4af4-b30a-c2a2a93a80d9.aspx.

> AccessEnum does most of what you want.

> The part of your question that says WHY EXACTLY: you would need to focus

> that down to get any useful answer,

 

I posted a similar question a few weeks ago. He wants something similar

to resultant set of policies (RSOP) applied to file system ACLs instead of

group policy. In other words, look at the ACL for the current folder or

file and explain clearly where is each setting coming from (e.g., the read

permission is inherited from three folders up, but the modify permission is

assigned locally on the object).

 

--

Will

 

> "Yarik" <yarik@garlic.com> wrote in message

> news:61e0a54d-5946-49dc-abbc-3b7e812f8d97@r15g2000prh.googlegroups.com...

>> Hello,

>>

>> Can anyone please recommend any software tool(s) that could help an

>> administrator (Windows 2003, Windows XP, and eventually Windows

>> Vista)

>> to quickly find answers on questions like these:

>>

>>

>> (1) For a given computer, show all the resources (files, folders,

>> registry entries, etc.) that have any permissions/restrictions

>> specified for a given account (local or domain-level account, user or

>> group)?

>>

>>

>> (2) For a given resource and account, show all the effective

>> permissions AND WHY EXACTLY EACH OF THESE PERMISSIONS IS WHAT IT IS?

>> Ideally, the tool should be aware of implied permissions too (like a

>> resource owner's implicit permission to change permissions for the

>> resource).

>>

>>

>> BTW, it would also be nice if the tool provided some additional help

>> in managing group memberships. For example, it would be nice if it

>> allowed to document memberships (i.e. for each group member, document

>> why exactly does this member has to be in this group).

>>

>>

>> Thank you,

>> Yarik.

Guest Yarik

Guest Yarik

Posted
Posted

Re: Wanted: More Advanced Administration Tool(s)

 

Thanks for the response!

 

Apparently my question (1) was not formulated properly. What I need is

to find all the ACL items explicitly referring to a given account.

 

For example, if a file ACL includes some permissions explicitly

specified for user "MyDomain\JohnDoe", I want this file to be found by

the utility (regardless of what those permissions are). However, if

"MyDomain\JohnDoe" has some permissions for a file just because this

user belongs to some group, I do NOT want this file to be found.

 

I tried AccessChk and AccessEnum - neither of them can do what I

need.

 

Neither of them helps with my problem (2) either...

 Share
Go to topic listing
×
×
  • Create New...