locked
NTFS permissions audit/report RRS feed

  • Question

  • Can I use SCCM to scan a client's NTFS file system and then create a report which shows the ACLs on the files and folders?

    Right now I'm using a collection of powershell scripts but the output is clunky and the data is not stored in any database for future reporting.

    I know there are products out there that will do this such as the Enterprise Security Reporter from ScriptLogic. However, SCCM can do MOST of what ESR can do and I'd hate to buy that product only for one reason.
    Thursday, February 4, 2010 7:34 PM

Answers

  • This no something you want to do with ConfigMgr. It is not designed for this type fo task.


    http://www.enhansoft.com/
    • Proposed as answer by Sherry Kissinger Thursday, February 4, 2010 11:49 PM
    • Marked as answer by Sabrina Shen Thursday, April 12, 2012 8:55 AM
    Thursday, February 4, 2010 8:36 PM

All replies

  • This no something you want to do with ConfigMgr. It is not designed for this type fo task.


    http://www.enhansoft.com/
    • Proposed as answer by Sherry Kissinger Thursday, February 4, 2010 11:49 PM
    • Marked as answer by Sabrina Shen Thursday, April 12, 2012 8:55 AM
    Thursday, February 4, 2010 8:36 PM
  • I just want to know whether it is doable or complicated to do a vbs or powershell scripting:

    due to domain migration , some shares still have the old domain groups \\domain1\group1 or group2. We want to list all share permissions first in the script then add the new groups if detected the different domain name  in the script. Basically just add domain2\group1 or group2

    I think that will be a very complicated scripts but just want some experts input on it.  ---Thanks

    Saturday, October 5, 2013 7:37 PM
  • I just want to know whether it is doable or complicated to do a vbs or powershell scripting:

    due to domain migration , some shares still have the old domain groups \\domain1\group1 or group2. We want to list all share permissions first in the script then add the new groups if detected the different domain name  in the script. Basically just add domain2\group1 or group2

    I think that will be a very complicated scripts but just want some experts input on it.  ---Thanks

    so you can do this via a script but the question above is about CM07 and how to inventory ntfs permissions.


    http://www.enhansoft.com/

    Saturday, October 5, 2013 8:39 PM