AccessChk utility audits user access to files and directories

To maintain security, administrators often need to know what kind of accesses specific users or groups have to resources, including files, directories and registry keys. A tool called AccessChk can help answer those questions.

One of the components of good security is awareness—for instance, knowing whether or not a given object is indeed

accessible or inaccessible to a given user or group. Admins typically audit accessibility through Explorer's Security tab, but it's much harder to do this for multiple objects or non-Explorer objects that have access control (such as services or registry keys).

 

But once again, those administrator lifesavers at Sysinternals.com, Mark Russinovich and Bryce Cogswell, have come to the rescue. Their new tool, AccessChk, is a simple but powerful command-line tool for auditing access controls against various objects, such as services, registry keys, files and folders.

An admin provides AccessChk with a user or group name and an object to audit. For instance, to audit all the services that the Power Users account has to Windows Services, you would use the command accesschk "power users" –c (note the use of quotes to demarcate an object with a space in the name). For a Registry key, use the –k switch: accesschk "power users" -k hklm\software. Adding the -s switch to any command makes it work recursively: It processes not only the object in question, but any objects under it (subfolders, subkeys, etc.). Full documentation of all the available command-line switches is contained in the program itself.

AccessChk has a few limitations. Right now you can only audit for one user or group at a time; you can't supply a list of groups to match. You also need to be careful when you audit against filenames or pathnames that have Unicode (non-ASCII) characters in their name -- the report returned will not list them correctly unless you are using the correct locale for the console. Also, the first time you run AccessChk you'll be prompted to click through a licensing agreement. But this only happens once.

More information from SearchWinSystems.com


This was first published in May 2006

Dig deeper on Windows Server Virtualization and Microsoft Hyper-V

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close