Is there a way of listing what permissions a user has on folders on a particular server? For example: User Mike in domain XXX has permissions oncertain folderson server YYY. Is there a way of listing these without having togo thru each folder? This is a Server 2003 domain Thanks.

Hi, You may dump permission based on the folder directory structure with the "Fileacl" utility, we can use the Fileacl.exe tool to dump file or folder permission to a .txt file and then search for the user group account in the text file. Here is an example of the usage of Fileacl. In this example, we dump the permission settings to a acl.txt file. Dump the permission of the folder d:\test, please use the command below to dump it: Fileacl d:\test /sub: 1 > acl.txt /sub: 1 = dump permissions for subfolders go 1 directories deep. Please note: you could increase the value to dump the permissions of the deeper directory. Open acl.txt with notepad.exe, you will file the settings saved as the following way: ---------------------------------------------------------------------------- ---------------------------------------------------------------------------- The output of the command is like below: d:\test;BUILTIN\Administrators:F[I] d:\test;NT AUTHORITY\SYSTEM:F[I] d:\test;NT AUTHORITY\Authenticated Users:RWXD[I] d:\test;BUILTIN\Users:RX[I] d:\test\test1;BUILTIN\Administrators:F[I] d:\test\test1;NT AUTHORITY\SYSTEM:F[I] d:\test\test1;NT AUTHORITY\Authenticated Users:RWXD[I] d:\test\test1;BUILTIN\Users:RX[I] d:\test\test1; domain\gg_all_user_vannes:RX[1] ---------------------------------------------------------------------------- ----------------------------------------------------------------------------- You may use "search" function with the notepad to locate "gg_all_user_vannes" in the acl.txt file. Here is the detailed permissions mapping U:no right, use to set permissions with special inheritance Rr: Read Data / List Directory (FILE_READ_DATA) Ww: Write Data / Add Files to directory (FILE_WRITE_DATA ) Ra/Wa: Read / Write Attributes (file or dir, Read-only, Hidden ...) Re/We: Read / Write Extended Attributes (compressed, encrypted ..) p/P: Read / Write Permissions A: Append data to file / Add subdir to directory D: Delete File / Delete Dir Dc: Delete Child (sub file/sub dir) X: Execute File/ CD to dir You can download the fileacl.exe utility from the following link: http://www.microsoft.com/downloads/details.aspx?FamilyID=723f64ea-34f0-4e6d-9a72-004d35de4e64&DisplayLang=en Hope it helps. Tim Quan - MSFT

Use Sysinternals' AccessEnum and filter the output to suit your requirements:http://technet.microsoft.com/en-us/sysinternals/bb897332.aspxRegards,Salvador Manaois IIIC|EH MCSE MCSA MCITP|Server/Enterprise AdminBytes & Badz : http://badzmanaois.blogspot.com