Easy Win2k Server Help

I need to know how to bring up a list of directory permissions on Win2k server. I suspect there’s a command line command for this?

If possible I would like to get a list of folders where UserX has Write perms.

If I can’t get that specific, a list of all folders and perms in my InetPub/wwwroot folder will do.

I’m setting up a new server and I don’t want to go through each folder and find perms.

ZipperJJ,

There are tools in the win2k resource kit that will do this. SHOWACLS is one of them:

(from the Windows 2000 Resource Kit):

"This command-line tool enumerates access rights for files, folders, and trees. It allows masking to enumerate only specific ACLs.

ShowACLs works on NTFS partitions only.

The most useful feature of ShowACLs is the ability to show permissions for a particular user. The method that ShowACLs uses to perform this is by enumerating the local and global groups that the particular user belongs to and matching the users security identifier (SID) and the SIDs of the groups the users belongs to, to the SIDs in each ACE entry.

NTFS uses Access Control Lists (ACLs) to set permissions for users and groups on objects. ACLs are made up of Access Control Entries (ACEs). Each ACE entry has information that controls the permissions for a specific user or group. There are currently four ACE type defined; Access Allowed, Access Denied, System Alarm and System Audit. Each ACE entry has a common ACE header and unique data structure. The SID associated with each ACE entry is contained in the data following the ACE header.

One of the problems with a command-line tool like ShowACLs is the amount of information that is contained in the ACL. The first version of ShowACLs attempted to display all the data in the access mask, which was very confusing. The latest version has adopted the “standard” permissions, Full, Change and Read-Only where appropriate. If a mask does not match these predefined values, the a raw dump of the mask is performed."

Also from the Resource Kit:

"ShowAcls Examples


showacls
G:\Program Files\Resource Kit
BUILTIN\Users Special Access [RX]
BUILTIN\Power Users Special Access [RWXD]
BUILTIN\Administrators Special Access [A]
NT AUTHORITY\SYSTEM Special Access [A]
CREATOR OWNER Special Access [A]
NT AUTHORITY\TERMINAL SERVER USER Special Access [RWXD]"

There may well be freeware tools that will do this, or do it better. http://www.sysinternals.com/ is always a good place to look. They have a tool called AccessEnum that might do what you need.
Hope this helps,

Max the bedraggled sysadmin.