In this article I will show you how can you check access permissions on a certain resource. In Windows environments, every user must have access permissions to a certain folder in order to use that particular resource. As you may already know, permissions can be very granular and Windows will let you select from a bunch of special features. Usually, you can assign read, write or full control permissions to a folder. To achieve this, right click on a folder and select Properties, then click the Security tab:
Here you can view all users and groups that have access to that particular resource. As you can see, the Administrators group has full control over this folder. To apply/change or remove permissions on a more granular level, click the Advanced button. From here select your desired user/group and click Change Permissions:
After applying your desired permissions, click OK. The same steps you should take when troubleshooting a particular access problem. Another aspect that you’ll need to consider is the network. If you work on remote servers, always check if the sharing port is permitted from your workstation to that particular server. To test this, type telnet [server ip or hostname] 445 . This port is used in Microsoft Active Directory, for Windows sharing. This command would look something like this:
If this command is successful then you should check the access permissions. I will only talk about security permissions. If you don’t know by now, in Windows platform there are two types of permissions: sharing and NTFS permissions(or security permissions).
A useful tool that you should use to troubleshoot permission problems, is the AccessEnum available for download on Microsoft’s website:
http://technet.microsoft.com/en-us/sysinternals/bb897332.aspx. Download this tool and double click it:
In the first filed you will have to type in the desired folder or registry. After that, just click the Scan button and wait for the tool to finish the scanning process. You will be able to see all the permissions that apply to that particular folder and its subfolders. A cool feature of this tool is that you can even check permissions on network resources. Type in the \\share and let the scanning process begin.
A similar tool is ShareEnum which will display security information on all shares accessible within a selected domain. You can download this tool from the following link http://technet.microsoft.com/en-us/sysinternals/bb897442.aspx. When you open this application, the following window will be displayed:
From the right you can select the domain in which the searching will be made. After selecting the desired domain all the shares will be shown. Remember that in order to achieve this you will need to be a Domain Administrator (this tool uses the NetBios access the desired information).
OK folks, I hope this article will server you well. Leave any comment or post any question that you have. Enjoy your day and stay tuned for more articles to come.