command-line tool to inspect security settings of users and shares ?

By VicRic
Mar 26, 2007
  1. Heeey, guys,

    Do you know of any command-line tool in Windows 2000 to review to the max the access rights of both users and shares ?

    I'm having a really weird problem, somewhat related to a previous question:

    In this case I'm trying to create Home Folders on a Windows 2000 domain environment (not Win2003 as in the previous post). The problem is that a particular user is able to browse the network, then browse the Home_Folders folder, and then have read+write access not only to his own folder but also to the ones of the other users.

    This anomaly shows up only for this particular user, and only when this user logs into his own machine, a Windows XP system. He is also set up as Local Administrator in his Local Machine, but he's just a normal User in the Domain (Active Directory).

    When he logs-in to another client machine running Windows2000Pro he doesn't have, as expected, any access to other folders but his own - even when I test setting him up as Local Administrator on that Win2000Pro machine.

    This problem could be related to the fact that a Windows XP machine is part of a Windows 2000 domain (domain of 2 Win2000 DCs), however I think it has more to do with the particular user, because when I try to duplicate the problem with another user (giving him Local Admin rights and then getting him to log-in to the XP machine) the problem doesn't show up.

    I only hope if there's a tool to inspect closely the security settings I could find the real cause of this problem.

  2. Striker840

    Striker840 TS Rookie

    What are this user's rights to the parent folder and are they inherited?
    The user should have traverse file rights to the parent folder, then R/W to his specific folder.

    With an XP OS on that machine the user can get pretty granular when it comes to rights assigned. I have a NT DC with XP/2000 machines and I can login as admin on my machine and set rights to a folder for a user with options that are not available if I go to the server directly.

    Also, why is he setup as local admin on his machine?
    Is there any specific reason why the user needs this?
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...