Anyone have a suggestion for a good tool for auditing folder/file permissions on a Windows file server? (open source or commercial).
cacls and xcacls are pretty lame when you have lots of groups and tons of subfolders. I'd like to be able to send the owner of the folder an easy-to-read report (remembering the folder owners are mostly non-technical and BUILTIN\Administrators Full Control [ALL] doesn't mean too much to them), so they can determine if the access is appropriate. Obviously, over time as people change job responsibilities and whatnot, people end up with many more permissions than they require.
I have seen a demo from a vendor called Varonis and the tools looked pretty good. Wondering what other people out there are doing or have experienced. Especially any open source tools out there 🙂
I had pretty good results with DumpSec (formerly DumpACL), and it's FREE.
SomarSoft’s DumpSec is a security auditing program for Microsoft Windows® NT/XP/200x. It dumps the permissions (DACLs) and audit settings (SACLs) for the file system, registry, printers and shares in a concise, readable format, so that holes in system security are readily apparent. DumpSec also dumps user, group and replication information.
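
For the owner-readable report asked for above, here is an added example (not part of the original thread and unrelated to DumpSec or Varonis) that uses the built-in `Get-Acl` cmdlet. The share path, output file name, the `Convert-Rights` helper and the plain-language wording are all assumptions made for illustration.

```powershell
# Added example: plain-language report of folder permissions for folder owners.
param(
    [string]$Root   = 'D:\Shares\Finance',          # hypothetical share path
    [string]$OutCsv = '.\folder-permissions.csv'    # hypothetical output file
)

# Translate NTFS rights into wording a non-technical owner can judge.
function Convert-Rights {
    param([System.Security.AccessControl.FileSystemRights]$Rights)
    $fsr = [System.Security.AccessControl.FileSystemRights]
    $r   = [int]$Rights
    # 268435456 is GENERIC_ALL, which often appears on CREATOR OWNER entries.
    if ($r -eq 268435456) { return 'Can do everything, including changing permissions' }
    if (($r -band [int]$fsr::FullControl) -eq [int]$fsr::FullControl) {
        return 'Can do everything, including changing permissions' }
    if (($r -band [int]$fsr::Modify) -eq [int]$fsr::Modify) {
        return 'Can read, change and delete files' }
    if (($r -band [int]$fsr::Write) -eq [int]$fsr::Write) {
        return 'Can add and change files' }
    if (($r -band [int]$fsr::ReadAndExecute) -eq [int]$fsr::ReadAndExecute) {
        return 'Can open and read files' }
    if (($r -band [int]$fsr::Read) -eq [int]$fsr::Read) { return 'Can read files' }
    return "Special rights ($Rights)"   # anything else is shown raw for IT to review
}

$rootItem = Get-Item -LiteralPath $Root
$folders  = @($rootItem) + @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -ErrorAction SilentlyContinue)

$report = foreach ($folder in $folders) {
    try   { $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop }
    catch { Write-Warning "Cannot read ACL: $($folder.FullName)"; continue }

    foreach ($ace in $acl.Access) {
        # List the root in full; below it, list only explicit entries, i.e. the
        # places where access differs from what the parent folder grants.
        if ($ace.IsInherited -and $folder.FullName -ne $rootItem.FullName) { continue }
        [pscustomobject]@{
            Folder    = $folder.FullName
            Owner     = $acl.Owner
            Who       = $ace.IdentityReference.Value
            Type      = $ace.AccessControlType        # Allow or Deny
            Access    = Convert-Rights $ace.FileSystemRights
            RawRights = $ace.FileSystemRights          # kept for the administrator
        }
    }
}

$report | Sort-Object Folder, Who | Export-Csv -Path $OutCsv -NoTypeInformation
```

The report lists groups as they appear on the ACL; it does not expand group membership, so reviewing who is in each group remains a separate step.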