I am currently faced with having to provide which users have access to what directories within our CIFS shares on our 270 and 3020 filers. The only auditing that I have been successful with thus far is pulling success and failures of access to the shares using the cifs.audit.enable option and then viewing the event log via windows. Has anybody else been faced with having to provide a log of who has access to what directories? I would imagine that I am not the only one that has come across this...Any help would be greatly appreciated.
I am using Ontap 7.0.5 if that helps.
Thanks,
Skip
Skip,
In our company we use Security explorer.
Best regards, Rik Daniëls
________________________________
From: owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Skip Norman Sent: vrijdag 16 maart 2007 0:35 To: toasters@mathworks.com Subject: Auditing CIFS shares for compliance purposes
I am currently faced with having to provide which users have access to what directories within our CIFS shares on our 270 and 3020 filers. The only auditing that I have been successful with thus far is pulling success and failures of access to the shares using the cifs.audit.enable option and then viewing the event log via windows. Has anybody else been faced with having to provide a log of who has access to what directories? I would imagine that I am not the only one that has come across this...Any help would be greatly appreciated.
I am using Ontap 7.0.5 if that helps.
Thanks,
Skip
I am currently faced with having to provide which users have access to what directories within our CIFS shares on our 270 and 3020 filers. The only auditing that I have been successful with thus far is pulling success and failures of access to the shares using the cifs.audit.enable option and then viewing the event log via windows. Has anybody else been faced with having to provide a log of who has access to what directories? I would imagine that I am not the only one that has come across this...Any help would be greatly appreciated.
I am using Ontap 7.0.5 if that helps.
It sounds like you need to provide a report of all your ACLs.
There is a free utility called "fileacl" that runs on the Windows command line (not GUI).
http://www.gbordier.com/gbtools/fileacl.htm
You can use it to set ACLs and also print them out. It has a flag to recursively output all ACLs beneath a folder.
Steve Losen scl@virginia.edu phone: 434-924-0640
University of Virginia ITC Unix Support
-
Daniels, Rik -
Skip Norman -
Stephen C. Losen