I needed to determine the level of access specific users had. I used a mix of Powershell and accesschk.exe (You can download from here (new window): http://technet.microsoft.com/en-us/sysinternals/bb664922)
Using the command from powershell:
.\accesschk.exe –s “%DOMAIN%\%USER%” %DIRECTORYTOCHECK% | Out-File %LOGFILE%
eg: to find out which files in the f:\qld\ folder that the user SALES\johnsa has access to, logging to f:\it\access\johnsa.txt
.\accesschk.exe –s “SALES\Johnsa” f:\qld\ | Out-File f:\it\access\johnsa.txt
You can also restrict this to listing the directories that can be accessed, by using the –d switch:
.\accesschk.exe –s –d “SALES\Johnsa” f:\qld\ | Out-File f:\it\access\johnsa.txt
Nice blog post, I am pleased to read this post related to auditing share folder I found file access auditing tool which helps to monitor unauthorized file server accessing in a specific date and time on windows server and know who accessed all files and folders from which location by whom.
ReplyDeleteGreat article, it provides the steps to audit file share and folder on your computer by setting the permission type to record successful or failed access attempts. I tried automated tool from https://www.netwrix.com/file_server_auditing.html which assists to audit file/folder and provides facilitate complete information on all changes made to file servers and every file server access activities . This tool generates real-time alerts on all the critical changes made in file servers’ files, folder structures, shares, permissions and other related items.
ReplyDelete