CHECK ACCESS PERMISSIONS ON SHARES
With permission sets often overlapping between shares and NTFS, permission
problems can sometimes be tricky to track down. In an effort to provide
some simplicity while still maintaining some semblance of security,
some organizations just provide Full Access permissions for shares
and limit individual NTFS permissions.
Organizations that aren't comfortable with this approach need tools
to help them along the way. One of the tools from the Windows Server
2003 Resource Kit, Server Share Check, can help in these efforts.
Server Share Check lists all shares from a specified server. It also
enumerates the users and groups that have access as well as the level
of access that each has.
Server Share Check also works on Windows 2000 and Windows XP machines.
You can download the Windows Server 2003 Resource Kit from Microsoft's
Web site. The filename is Srvcheck.exe.
http://www.microsoft.com/downloads/details.aspx?FamilyID=9d467a69-57ff-4ae7-96ee-b18c4790cffd&DisplayLang=en
Keep in
mind that this tool only displays unhidden shares. The four possible
sharing permissions listed are No Access, Read (read files and execute
programs), Change (read, execute, modify, and delete items), and Full
Control.
Here's an example:
C:\>srvcheck \\w2k3
\\w2k3\tsclient
Everyone Read
\\w2k3\HelpDesk
Everyone Read
\\w2k3\webdev
W2K3\user1 Full Control
Everyone Read