2
1
Is it possible to list all folders/files that a given group has explicit permissions on, for a machine running Windows Server 2003? If so, how? It would be nice to see inherited permissions as well, but I could do with just explicit permissions.
A little background: I'm trying to update groups/permissions on a test server. One of the groups, Devs
, wasn't implemented correctly when it was created, and my goal is to remove it from the system. It has been replaced by LeadDevelopers
, which has permissions on many — but naturally not all — of the same folders. I want to make sure that I don't accidentally orphan any folders or cause any other issues when I remove Devs
. It did have some admin-level permissions.
EDIT: The answers so far — at least *cacls
and AccessEnum
— provide a way to find out which groups/users have permissions on known directories/files. I actually want the reverse of this behavior: I know the group, and I'm looking for the directories/files for which the group has permissions. Also, as I noted in a comment, the Devs
group is not itself a member of any other group.
AccessEnum is probably your best bet (=1), but is still not a silver bullet, unfortunately. For your specific scenario it should help as it will highlight exceptions to the normal inhertiance, where Devs may have been given explicit permissions. Hopefully you are also taking into account nested group membership, so if Devs is a member of AllGeeks, you need to make sure LeadDevs is also in there or is given permissions at the same places as AllGeeks – AdamV – 2010-05-28T07:47:38.690
@AdamV, fortunately, I know neither
Devs
norLeadDevelopers
is a member of another group, but it's definitely a good point to keep in mind. – Pops – 2010-05-28T14:11:22.293