Originally posted by: STaSh
You can also use dumpsec.
STaSh, thanks you!
ENUMERATION TOOL: DUMPSEC Audit the Security of your Win NT/2000 Server
Use DumpSec to verify your Win NT/2000 system?s security settings
Saturday, January 31, 2004
A user may have been given permission to modify important files and folders or the rights to make system wide changes while working on Win NT/2000. This may lead to important files being deleted, by mistake or deliberately, by the user or by someone else using his account, or even lead to system crash. DumpSec is a tool that can check various file/folder permissions and user rights and let the systems administartor know the holes in system security.
DumpSec is an enumeration program for Win NT/2000. It dumps the permissions and audit settings for the file system, registry, printers and shares in a concise and readable format. Apart from that it also dumps information about users, groups, user rights, system policies and services. You can either take DumpSec from our this month?s PCQ Essential CD or download it from www.somarsoft.com
Installing and configuring DumpSec
The installation is simple and the program easy to run. Just run the DumpSec executable from Program Files and you get the DumpSec window. It can be used to dump security settings of the local system or of a remote system. In order for DumpSec to access a remote system, you must first log on to the remote server with administrative privileges. For that access any share on the remote system from the local machine. The remote system will prompt you to enter a username and password, use any administrative account and you are now done to dump settings for that system.
Using DumpSec for file/folder permissions
On the Report menu you will find options to dump information for file systems, shares, users, groups, policies, rights, etc. Start Dump Permissions for File System? and a new window opens to let you select the drive letter and the directory to check. File System check runs on local drives or mapped network drives, so if you want it to work with shared folders then map the shared folder to a drive letter. After that the program will scan the directory and present you with a list of file permissions like shown in the figure. An entry in the list gives you a file or directory name, the owner name, the accounts that have access on file or folder, their access permissions such as read, write, execute and full control. You can easily browse the list, look for inconsistent entries and make appropriate changes to your system. Like the file system option, you can run the option of dumping permissions for all or any share on a remote system.
Getting info on system users, policies and rights
To get information about the users on your system run Dump User as column? from the Report menu. On the next window enable checkboxes to dump information for user and computer accounts. Then, select the properties for which you need information, such as username, login script, home directory, password policies, account policies, logon hours and last login. Now it will scan the system, local or remote, and give you a list of users and their information. From here you can see what rights the users have, which groups does it belong to, when did he last log on and using which logon server. Interestingly, when we ran it on our file server, we found that two users had never logged on to it and hence they had the default passwords associated with their usernames. This could lead to trouble, as default passwords are common and known to all.
Not only this, you can get other information from DumpSec such as account policies, audit policies, trusted domains, etc.