10.8 Authorization tools

Windows Server 2003

cacls

A command-line tools to view and update file system ACLs.

Whoami

Can be used to look at the content of a user’s access token (use the /all switch).

Resource Kit Tools

Showpriv

A command-line tool that displays the privileges granted to users and groups.

ntrights

A command-line tool that can be used to grant or revoke Windows 2000 rights for a user or group.

permcopy

A command-line tool that copies share permissions and file ACLs from one share to another.

showacls

A command-line tool that enumerates access rights for files, folders, and trees.

subinacl

A command-line tool to transfer security information from user to user, from local or global group to group, and from domain to domain.

showmbrs

A command-line tool that shows the user names of members of a given group.

Support Tools

Acldiag

A command-line tool that helps diagnose and troubleshoot problems with permissions on Active Directory objects.

ADSIEdit

Very useful tool to administer the permissions on AD objects.

Dsacls

A command-line tool to manage the ACLs of AD objects.

Ldp

A GUI-based tool that can display the raw content of an AD object’s security descriptor (in the SDDL format).

Sidwalker

Sidwalker consists of three separate programs. Two of these, Showaccs and Sidwalk, are commandline tools for examining and changing ACEs. The third, Security Migration Editor, is MMC snap-in for editing mapping between old and new SIDs.

Sdcheck

A command-line tool that displays the security descriptor for any AD object.

xcacls

A command-line tool that can be used to set all file-system security options accessible in Windows Explorer from the command line.