Let's say a company has a large number of users, and each user has a home area.
On each share used for home area folders, I would like to define some rules saying who is supposed to have which permissions on the folder.
Then I would like to audit automatically, that this is actually the case and get some sort of report on deviations.
So a rule for \MegaServer\Home01 could be defined something like:
- Domain Admins - Full Control
- Backup Agent - Read
- [Home folder owner] - Full Control
I am talking about Windows platform and Windows servers, although I think it would most likely also work for *nix machines that expose Windows shares.
Does software like this exist?
I could roll my own basic version, but if something already exists, that is usually a better option.
I am aware of tools to make displaying permissions easier (AccessEnum, DumpSec), but that is not what I am looking for.
Using a tool like SUBInACL http://www.microsoft.com/en-us/download/details.aspx?id=23510 and/or PowerShell (Get-ACL; Set-ACL) would solve your problem while also allowing you to script it.