One of my IT Security role is to screen Network Access
Into a Windows Network environment, it is needed to screen the permission on Network Shares and to
- Create monthly or quarterly reports
- Compare the changes
- Communicate the report to the ‘Data Owner’
A great tool ‘AccessChk.exe’ allow to do that.
AccessChk.exe provides you with access to the files, registry keys or Windows services for the user or group that you specify. AccessChk.exe now supports a new option -a to query user rights assignment data directly from the LSA store.
First download AccessChk.exe from SysInternals Microsoft
On a command prompt type AccessChk.exe /?
Scan a Network Share (only top level), no banner, with all possible rights.
AccessChk.exe -q -d \\server\share
Add a timestamp to your search
for %%a in (%date%) do set datestamp=%%a
accesschk -rws "group" "folder target" > %datestamp%.txt