Controlling access rights is a full-time job for some administrators. There's always something to do: create a file share here, a new folder there, manage registry settings for one user, add a new user to a folder, rename user accounts, and so on. When you're working only with the default Windows tools, you have to use a series of Microsoft Management Consoles (MMCs) to get the job done right. Not so with ScriptLogic's Security Explorer 4.8. Explorer gives you a one-stop shop for all permissions management in organizations of any size. Whether you have one or 1,000 servers, Security Explorer will let you view and modify permissions on files, folders, registry settings, and file shares using a single, easy-access interface.
This tool is especially useful when working with user home directories or redirected folders. One issue administrators face today is that with Windows NT or Windows 2000, you must modify the default permissions that are assigned to automatically created user folders?for example, when using the %username% variable for the generation of user home folders. To do this, you might use the cacls or the xcacls commands, running the following command at the root of the shared folder structure you design to store user shares, for example:
cacls *.* /t /e /c /g administrators:f
This command uses /t to modify all subdirectories, /e to edit and not replace permissions, /c to ignore all errors, and /g to grant the administrators group full permissions on all file objects. This way you can see and work with the contents of user shares without taking away their own rights. Of course, this command is no longer necessary in Windows Server 2003 because it automatically grants the administrators group these rights when it generates a private home folder for users. But, if you're still working with NT or Windows 2000, you need this command. Not so if you use Security Explorer. Explorer includes a handy little capability to use the Backup Operators' right to backup files to let you manage these permissions without having to change their access rights.
Read the full article
Security Explorer Product Review in Windows Server System Magazine, June 2004