10.8 Authorization tools


Table 10.22 lists the authorization troubleshooting and administration tools that are shipped with Windows Server 2003 or as part of the Windows Server 2003 resource kit or the Windows Server 2003 support tools.

Table 10.22: Authorization Administration and Troubleshooting Tools

Tool

Explanation

Windows Server 2003

cacls

A command-line tools to view and update file system ACLs.

Whoami

Can be used to look at the content of a user’s access token (use the /all switch).

Resource Kit Tools

Showpriv

A command-line tool that displays the privileges granted to users and groups.

ntrights

A command-line tool that can be used to grant or revoke Windows 2000 rights for a user or group.

permcopy

A command-line tool that copies share permissions and file ACLs from one share to another.

showacls

A command-line tool that enumerates access rights for files, folders, and trees.

subinacl

A command-line tool to transfer security information from user to user, from local or global group to group, and from domain to domain.

showmbrs

A command-line tool that shows the user names of members of a given group.

Support Tools

Acldiag

A command-line tool that helps diagnose and troubleshoot problems with permissions on Active Directory objects.

ADSIEdit

Very useful tool to administer the permissions on AD objects.

Dsacls

A command-line tool to manage the ACLs of AD objects.

Ldp

A GUI-based tool that can display the raw content of an AD object’s security descriptor (in the SDDL format).

Sidwalker

Sidwalker consists of three separate programs. Two of these, Showaccs and Sidwalk, are commandline tools for examining and changing ACEs. The third, Security Migration Editor, is MMC snap-in for editing mapping between old and new SIDs.

Sdcheck

A command-line tool that displays the security descriptor for any AD object.

xcacls

A command-line tool that can be used to set all file-system security options accessible in Windows Explorer from the command line.

More Information on Managing Windows Authorization Settings Using Scripting and WMI It is possible to automate the security descriptor configuration with scripts instead of using the ACL Editor. Leveraging WMI Scripting by Alain Lissoir (Digital Press, 2003) demonstrates how this can be achieved for the registry, the file system (files and folders), the WMI CIM repository, Active Directory, and Exchange 200x mailboxes. The 210 pages of WMI and ADSI security scripting techniques are dedicated to help administrators understand and automate this complex configuration. More information can be found at http://www.lissware.net.




Windows Server 2003 Security Infrastructures
Windows Server 2003 Security Infrastructures: Core Security Features (HP Technologies)
ISBN: 1555582834
EAN: 2147483647
Year: 2003
Pages: 137
Authors: Jan De Clercq

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net