CHECK ACCESS PERMISSIONS ON SHARES

With permission sets often overlapping between shares and NTFS, permission problems can sometimes be tricky to track down. In an effort to provide some simplicity while still maintaining some semblance of security, some organizations just provide Full Access permissions for shares and limit individual NTFS permissions.

Organizations that aren't comfortable with this approach need tools to help them along the way. One of the tools from the Windows Server 2003 Resource Kit, Server Share Check, can help in these efforts.

Server Share Check lists all shares from a specified server. It also enumerates the users and groups that have access as well as the level of access that each has.

Server Share Check also works on Windows 2000 and Windows XP machines. You can download the Windows Server 2003 Resource Kit from Microsoft's Web site. The filename is Srvcheck.exe.
http://www.microsoft.com/downloads/details.aspx?FamilyID=9d467a69-57ff-4ae7-96ee-b18c4790cffd&DisplayLang=en

Keep in mind that this tool only displays unhidden shares. The four possible sharing permissions listed are No Access, Read (read files and execute programs), Change (read, execute, modify, and delete items), and Full Control.

Here's an example:

C:\>srvcheck \\w2k3

\\w2k3\tsclient
Everyone Read

\\w2k3\HelpDesk
Everyone Read

\\w2k3\webdev
W2K3\user1 Full Control
Everyone Read