Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Tool that can report NTFS permissions by group?

Status
Not open for further replies.
hillboy

hillboy

Technical User
Joined
May 13, 2002
Messages
53
I am looking for a tool that can report the NTFS permissions on our file server based on group membership.

My problem is that I have a few hundred global groups and need to know which groups are outdated and do not have permissions on the file server. If a group doesn't have any permissions then I know that I can delete it.

Thanks in advance for any help.
 
Sort by date Sort by votes
HI.

You can do it in 4 steps.

1) Create a report of the NTFS permissions, and save it to a text file.
You can use a tool like DumpSec from here:
Let's say you saved the report to file:
C:\PERMISSIONS.TXT

2) Create a list of group names:
NET GROUP >GROUPLIST.TXT

3) Create a batch file that takes 1 parameter (group name) and checks if that parameter is found in the report.
Something similar to this one:
Lest call the batch file: LOOKFORGROUP.CMD

FIND /I "%1" C:\PERMISSIONS.TXT
IF ERRORLEVEL 1 ECHO %1 >>C:\NOTFOUND.TXT

Test by running the batch file to verify that it works as expected.

4) Now play with the GROUPLIST.TXT file in a powerfull text editor (like NOTEPAD) to create a batch file that will run the previous batch file agains any group in the list, something like this:

CALL LOOKFORGROUP.CMD GROUP1
CALL LOOKFORGROUP.CMD GROUP2
CALL LOOKFORGROUP.CMD GROUP3
....

An alternate option of the above step, you can keep the GROUPLIST.TXT file as is (just trim the first few unneeded lines from it), and use a command like this:

FOR /F %G IN (GROUPLIST.TXT) DO LOOKFORGROUP.CMD %G

This will work on XP machines. I don't think that the FOR /F syntax works on NT4 .


I suggest that you take the initial reports from the real server, but run the batch files on a workstation and not at the server itself.

Good luck.


Yizhar Hurwitz
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

microsGuy16
  • Locked
  • Question Question
Can not copy files to Mapped drive
Replies
0
Views
995
microsGuy16
microsGuy16
andyferris
  • Locked
  • Question Question
DC Event logs auditing cannot be set by GPO
Replies
1
Views
469
RRankin355
RRankin355
maybeimaleo
  • Locked
  • Question Question
Can SMTP Be Migrated From 2008 R2 to 2019?
Replies
1
Views
525
maybeimaleo
maybeimaleo
Fireksf
  • Locked
  • Question Question
Avaya IPOCC not generate Report, Please any body if you a have any idea help me.
Replies
1
Views
485
MarkSweetland
MarkSweetland
kurio71
  • Locked
  • Question Question
Clean Install of 2016 - NTFS permissions
Replies
1
Views
300
hairlessupportmonkey
hairlessupportmonkey

Part and Inventory Search

Sponsor

Back
Top