I am not sure why the power users failed, but you shouldn’t use relevance to check the permissions of a remote share. Why not just use relevance to check the permissions of the local share on the hlim31-deskop computer? If you sent this out to all your computers, it would cause all of them to check the permissions on this share (which is not what you want)… Also, it wouldn’t even work because the SYSTEM account wouldn’t have privileges…
Thanks Ben, for your reply. In fact, I tried out as what you suggested earlier. But its also the same. I can’t seems to audit the access permission of other user group (in this case, “Power User”), it can only check the permission for “Administrator”.
Is there any catch in this audit? Or is there any audit that I can list out all the group that have access to the file?
Eg of the following. Is there any audit that can list down there exists Administrator and Power User group in the specific directory?
Here is a shares and share permission analysis that you might be able to adapt to get the information you are looking for …
(name of it, path of it, (if (not exists entries of dacls of security descriptors of it) then “n/a” else ((trustee of it as string & “:” & (if ( read permission of it) then “R” else “”) &(if ( write permission of it) then “W” else “” ) &(if ( execute permission of it) then “E” else “” ) &(if ( set value permission of it) then “F” else “” )) of entries of dacls of security descriptors of it))) of network shares whose ((name of it != “IPC$”) AND (name of it != “ADMIN$”) AND (name of it != “C$”) AND (name of it != “D$”) AND (name of it != “E$”) AND (name of it != “F$”) AND (name of it != “G$”) AND (name of it != “H$”) AND (name of it != “I$”))
Example output: , , dacl example would be: \Everyone:RWEF OR Domain\User:RE
This doesn’t go into the special dacls, but it might point you in the right direction. When you get it worked out, please post for everyone’s benefit.