Thursday, August 14, 2014

Auditing file permissions with Powershell and accesschk.exe

I needed to determine the level of access specific users had.  I used a mix of Powershell and accesschk.exe (You can download from here (new window): http://technet.microsoft.com/en-us/sysinternals/bb664922)
Using the command from powershell:
.\accesschk.exe –s “%DOMAIN%\%USER%” %DIRECTORYTOCHECK% | Out-File %LOGFILE%
eg: to find out which files in the f:\qld\ folder that the user SALES\johnsa has access to, logging to f:\it\access\johnsa.txt
.\accesschk.exe –s “SALES\Johnsa” f:\qld\ | Out-File f:\it\access\johnsa.txt
You can also restrict this to listing the directories that can be accessed, by using the –d switch:
.\accesschk.exe –s –d “SALES\Johnsa” f:\qld\ | Out-File f:\it\access\johnsa.txt

No comments:

Post a Comment