Re: File Permission Audit Tool - Windows

Microsoft Baseline Security Analyzer does a nice job of summarizing 
permissions set on our shared folders on whatever system you run it 
against.

This won't help with non-shared folders, but it may be a good start.


On Tue, 25 Sep 2007, krymson@gmail.com wrote:

> I wish I could give you an easy open source/free tool, but I can't. Hopefully 
> someone else can so I can also use it. :)
>
> In case you do talk to some vendors, the biggest problem with reporting 
> permissions is dealing with duplicates. Tools like xcacls will report every 
> single object or folder, whether it is inherited or different from its parent. 
> You really want to eliminate all that garbage and only report explicit 
> permissions, with the assumption that inheritance is otherwise present 
> downstream. Almost an exception report.
>
>
> 1) Free, but nearly useless
> You could use cacls/xcacls, but the output you get will be next to useless.
>
> 2) Free, but a little effort
> Windows PowerShell allows for some excellent scripting of permissions audits 
> and other such stuff. If you know PS, you should use this as it affords you a 
> lot of customizable power.
>
> 3) Commercial, but very cool
> I really enjoyed my trials of ScriptLogic's Enterprise Security Reporter [1] a 
> year ago. You can get some nice reports on permissions
>
> [1] http://www.scriptlogic.com/products/enterprisesecurityreporter/
>
> <- snip ->
> I am looking for audit tool that will give me a report on all the file 
> permission on a windows 2000/2003 servers. I will prefer open source but would 
> be willing to look at commercial software if it is superior.