After Sysinternals became part of the Microsoft family, many people were worried that Mark Russinovich's collection of free utilities would end up under lock and key, or even be removed from the market entirely.
Thankfully, this hasn't happened. All of Russinovich's utilities are still available and still free. He's working on new utilities as well as revising existing ones. In fact, there's a new version (3.0) of one of his "unsexy" but still immensely useful tools, AccessChk.
When something goes wrong on a PC, right away I check whether the error is the result of a permissions issue. This type of diagnosis has become even more important in Windows Vista, now that the user no longer runs applications as admin by default (even if the user is logged in as admin).
In addition, these days any tool that helps ensure greater PC security is going to be warmly welcomed by Windows admins. To ensure they've created a secure environment, Windows administrators often need to know what kind of access specific users or groups have to resources such as files, directories, Registry keys, and Windows services. AccessChk is a command-line utility that helps admins audit these resources against specific user accounts (or vice versa). For instance, you can supply a group name and a directory, and determine which rights the users in that group have over that directory. Or you can look up a given directory and determine what rights are held on that directory by all the users in the system.
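One way to turn a saved per-directory report into an audit finding is sketched below. This is an added example, not code from the article or from Sysinternals; the report layout it parses, the sample paths and the trusted-account list are assumptions, and the sample text is constructed rather than captured tool output.

```python
# Constructed sample, assumed to resemble the report printed when a directory
# is audited without naming an account: one unindented object line, then one
# indented line per account with an R/W access column. Not real tool output.
SAMPLE_REPORT = r"""
C:\Apps\Payroll
  RW BUILTIN\Administrators
  RW NT AUTHORITY\SYSTEM
  R  BUILTIN\Users
C:\Apps\Payroll\config
  RW BUILTIN\Administrators
  RW BUILTIN\Users
C:\Apps\Payroll\logs
  RW NT AUTHORITY\SYSTEM
   W NT AUTHORITY\Authenticated Users
"""

# Accounts expected to hold write access (assumption; set per site policy).
TRUSTED_WRITERS = {"builtin\\administrators", "nt authority\\system"}


def parse_report(text):
    """Return {object_path: [(account, access), ...]} from report text."""
    acl, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():  # an unindented line names the object
            current = line.strip()
            acl[current] = []
            continue
        access, _, account = line.strip().partition(" ")
        account = account.strip()
        if current is None or access not in ("R", "W", "RW") or not account:
            raise ValueError(f"unrecognised report line: {line!r}")
        acl[current].append((account, access))
    return acl


def unexpected_writers(acl, trusted=TRUSTED_WRITERS):
    """List (object, account) pairs where a non-trusted account can write."""
    return [(obj, account)
            for obj, entries in acl.items()
            for account, access in entries
            if "W" in access and account.lower() not in trusted]


if __name__ == "__main__":
    for obj, account in unexpected_writers(parse_report(SAMPLE_REPORT)):
        print(f"write access outside policy: {account} on {obj}")
```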
New in Version 3.0 of AccessChk are two switches: the -v switch, which lists the Windows Vista Integrity Level for the object in question, and the accompanying -e switch, which shows only explicitly set Integrity Levels. (For instance, if you dump an object's attributes with the -e switch and it has no explicitly set Integrity Level, it will not be returned in the list of matching objects at all.) Integrity Levels ensure that processes with lower integrity levels cannot interact with processes of higher integrity levels, so the lower-integrity processes cannot sabotage the activities of the higher-integrity ones.
Note: If you audit a service, it doesn't have to be running in order for you to return results, but you do need to use the service name as described in the General tab of the service's Properties pane. (For instance, the Volume Shadow Copy service is VSS.)
AccessChk works on Windows Vista, Win2K, Windows XP and Server 2003, including x64 versions of Windows.
About the author: Serdar Yegulalp is editor of the Windows Insight (formerly the Windows Power Users Newsletter), a blog site devoted to hints, tips, tricks and news for users and administrators of Windows NT, Windows 2000, Windows XP, Windows Server 2003 and Vista. He has more than 12 years of Windows experience under his belt, and contributes regularly to SearchWinComputing.com and SearchSQLServer.com.