Re: Dump ACL permissions on shares

You can use the Exporter Pro utility included with Hyena for this.

Re: Dump ACL permissions on shares

As far as I can work out you can dump share info , you can dump group info. However you cannot dump share, share security, NTFS perms all in the one report / txt or CSV whatever file.

I too would like to be able to run a report to dump the share name, the share security AND the NTFS permissons for every share on every server in our domain. From what I can guage this is not possible with the current version, unless I am mistaken ????

We are using Hy 5.7.2 with Exporter PRO.

Any help is appreciated.

P

[This message has been edited by panch (edited 07-11-2005).]

Re: Dump ACL permissions on shares

Share security and the NTFS security that is on the actual file directory being shared have nothing to do with one another, which is why they are in different exports. The security information is also different between shares and directories. Presenting a combination of these different security settings in one report might lead to a bit of confusion.

If you export the share security information, the share name (path to the share) is listed in the output, so you don't really need the share export unless you need the comment or other share settings.

Re: Dump ACL permissions on shares

Coming from an Admin background what you are saying doesnt make sense. Share security and NTFS perms go hand in hand.

The share security is shared as Authenticated Users FC.

Then NTFS permissions are used to lock the share down to the required groups using Domain local groups.

If the product cannot do it then thats ok, but we need a product that will allow us to audit the shares on the network, return information like Dumpsec but in a way that you dont have to mount the share or log on to the sever to run the app locally. I want to be able to click on a range of servers , select export security and have the share name, the path, the security settings, and the NTFS permissions for that share.

Can this product do this or not ?

Re: Dump ACL permissions on shares

Even though the share and NTFS permissions on a directory are entirely different, I believe that I can modify Exporter Pro to export them at the same time, thereby eliminating the step to set up a file/directory template and then have another file with more information in it than you need.

We'll be releasing a revised beta of Hyena and Exporter Pro today, so if you want to try this out, join the beta group by sending a blank email to [email protected].

You can run the modified Exporter Pro independent of Hyena to test this out. See the information in the beta.html file once you get the beta update notice on how to use this new Exporter Pro feature.

Please send any feedback directly to [email protected]

Thank you.

Re: Dump ACL permissions on shares

If I understand this correctly, with the new version of Hyena v6.5.E you can perform reporting on \\shares\folders underkneath the folders\... and it will allow you see who has access to what folder and what type of access they<USERS> do have at that certain folder depth ?

I am attending an AD & Win2K3 Security training class at this time, and was asking my instructors and they suggested using DumpSec ( http://somarsoft.com/) but this almost sounds like this is what has been added into this version of 6.5.E Exporter Pro?

And if not, can someone direct me towards a app that will do this, being that in our environment they have folders that are deep in folder barried length with individual users on them with various permissions, and would like to clean it up a tad and nest people in groups and then apply the permissions accordingly so it can be applied alot easier and not have to guess were all they need to have access to, and then when a model after-user is used from AD with group permissions added to that user, they actually get the permissions intended in that sense.


Thanks and sorry for being so big winded...

- Jeff Douglas

Re: Dump ACL permissions on shares

Exporter Pro has for some time had the capability to export the NTFS security information on any directory, including on subdirectories. By setting up a file/directory template, you can specify which directories you want to dump the security information on.

Similarly, you can also export just the share permissions as well.

If you want a product that is specifically designed for NTFS security administration, consider Security Explorer, now part of ScriptLogic. But be prepared to pay some $$$.

What the above post referenced is that with the current beta release of Exporter Pro (part of Hyena's current beta), you can now export the shared directory's security without the need of setting up a file/directory template. So, if you have a share named "jsmith" at \\fileserver\data\jsmith, you can now get the share permissions for the share 'jsmith' and the NTFS permissions on the \jsmith directory in the same output file.

However, if you want to process subdirectories under \jsmith, then you still need to set up a file/directory template in order to do that.

99% of what DumpSec can do is included in Exporter Pro, and Exporter Pro can perform more features than DumpSec. Keep in mind that somarsoft.com is just redirected to SystemTools.com, as we provide DumpSec as a free utility. Our focus, however, is to continue to improve Exporter Pro for any exporting requirements.

Re: Dump ACL permissions on shares

Thank you for the quick reply, its very much appreciated.

Can you tell me how to make this file directory/template so I can use it for running this process?

And yes script logic is rather pricey, they seem kinda proud of there products, we actually viewed there demo of desktop authority recently for pushing software updates and application deployment and it was pretty nice, but again rather pricey in the long run to.

- Jeff D.

Re: Dump ACL permissions on shares

In Exporter Pro you will view the properties for the File/Directory export. Click New to create a new template. Fill in the template name and output file location information and then click the Add button beside the Share Directory Paths box.

On that dialog you can either specify the share path you want, or choose specific share types such as admin shares (C$, D$, etc). There's also an option to scan all folders beneath that point, or just the top level of the shares specified.

Re: Dump ACL permissions on shares

Thanks, I will try it and see how I make out!

- Jeff