Network Security Security-Basics

RE: File Permission Audit Tool - Windows

Subject: RE: File Permission Audit Tool - Windows
Date: Wed, 26 Sep 2007 11:06:22 -0400
You could run cacls and dump it to a file for review later.

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/cacls.mspx?mfr=true

Along those lines are:  The built-in xcacls.exe (eXtended change access
control list) which offers more detail and control, or SetAcl.exe from
SourceForge which offers (nearly) full control and display of permissions
on most any object (not just NTFS files).  SetAcls probably has one of the
top three most irritating command line switch sets ever devised but this
is due mostly to the large number of things it can set and control.

In case you do talk to some vendors, the biggest problem with reporting
permissions is dealing with duplicates. Tools like xcacls will report every
single object or folder, whether it is inherited or different from its parent.
You really want to eliminate all that garbage and only report explicit
permissions, with the assumption that inheritance is otherwise present
downstream. Almost an exception report.

There is an inherent problem (not insurmountable) with this type of strategy
as every file or object technically has its own permission EVEN IF those
permissions are inherited -- it is possible to programmatically distinguish
inherited permissions from explicitly set permissions in Win2000 and later 
(i.e., not for NT) however.


--
Herb Martin, MCSE MVP
512 388 7339
http://www.LearnQuick.Com
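
The exception-style report discussed in this message, as an added example that is not part of the original post: PowerShell's Get-Acl marks each access rule with an IsInherited flag, so a script can list only the explicitly set entries. The root path and output file name are placeholders, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: exception-style NTFS permission report (explicit ACEs only).
# 'C:\Data' and the CSV name are placeholders; requires PowerShell 3.0+.
param(
    [string]$Root    = 'C:\Data',
    [string]$OutFile = 'explicit-acl-report.csv'
)

function Get-ExplicitAce {
    param([Parameter(Mandatory = $true)][string]$Path)

    # Audit the root itself plus every file and folder beneath it.
    # Folders that cannot be listed are skipped by SilentlyContinue.
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        try {
            $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
        } catch {
            # An unreadable ACL is a finding in itself, so report it.
            [pscustomobject]@{
                Path = $item.FullName; Identity = ''; Rights = ''
                Type = 'UNREADABLE'; InheritanceBlocked = ''
            }
            continue
        }

        # $acl.Access holds inherited and explicit ACEs alike;
        # IsInherited is what lets the report drop the inherited ones.
        $explicit = @($acl.Access | Where-Object { -not $_.IsInherited })
        foreach ($ace in $explicit) {
            [pscustomobject]@{
                Path               = $item.FullName
                Identity           = $ace.IdentityReference.Value
                Rights             = $ace.FileSystemRights
                Type               = $ace.AccessControlType   # Allow or Deny
                # True when the object no longer inherits from its parent.
                InheritanceBlocked = $acl.AreAccessRulesProtected
            }
        }
    }
}

Get-ExplicitAce -Path $Root |
    Export-Csv -Path $OutFile -NoTypeInformation
```

Objects that produce no row carry only inherited permissions, which is the assumption the exception report relies on.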



