Use the Sysinternals Suite to Review Permissions on a Windows System

Windows Sysinternals is a set of utilities. It is used to control, maintain, and troubleshoot the Windows operating system. It contains many GUI and console utilities that are used to manage the operating system.

In this hands-on lab, you will use the Sysinternals suite to review permissions on a windows system. First, you will install reporting tools for permissions, configure user accounts, and configure data. Next, you will use AccessChk to report permissions for the resources, and then you will use AccessEnum to report permissions for the resources. Finally, you will use the icacls command to report and configure permissions on resources.

Understand the Scenario

In this virtual lab, you are a Windows Server system administrator. Your job is to audit permissions on a server. To accomplish this task, you will use a default installation of Windows Server 2016.

Configure the server

In this section of the lab, you will learn how to configure the server. First, you will select the EnumTools.iso to load the PermissionsTools DVD and copy the two files from the DVD to the desktop. Next, you will create three users named sales-user, dev-user, and manager and add the dev-user account to the local Administrators group and then create two folders on drive C named SalesData and DevData. Next, you will create a file named SalesFile.txt in the SalesData folder and a file named DevFile.txt in the DevData folder. And grant the Write NTFS permission to the sales-user for the SalesData folder, in addition to the default permissions, and then grant the Modify NTFS permission to the dev-user for the DevData folder, in addition to the default permissions. Finally, you will share the SalesData and the DevData folders, and then grant the Full Control share permission to the Everyone group for each shared folder.

Display access by using AccessChk

In this section of the lab, learners will now display access by using AcessChk. AccessChk is a utility that reports active permissions on safe objects, account licenses for a user or group, or token specifications for a method. First, learners will display the level of access the sales-user has to C:\SalesData\SalesFile.txt by using the accesschk command. The dev-user is a member of the Administrators group and will receive access to files based on that group membership. Next, they will display the level of access the manager has to the C:\SalesData\SalesFile.txt file and then display the level of access the sales-user has to the HKEY_LOCAL_MACHINE\SAM portion of the registry. After this, they will display the level of access the dev-user has to the Spooler service. The Spooler service is part of the Windows printing infrastructure. Finally, they will display the level of access the sales-user has to the SalesData and DevData shares and then display the level of access the dev-user has to the SalesData and DevData shares.

Display access by using AccessEnum

AccessEnum is a utility that allows users to recognize permissions, misconfigured files, folders, or registry keys. In this section of the lab, you will learn how to display access by using AccessEnum. First, on the desktop, you will double-click AccessEnum, and select Agree to accept the Sysinternals Software License Terms. Next, you will display the level of access the sales-user has to C:\SalesData\SalesFile.txt by using AccessEnum, and then display the level of access the dev-user has to the C:\DevData folder by using AccessEnum. The dev-user is a member of the Administrators group and will receive access to files based on that group membership. The sales-user is a member of the Users group and will receive access to files based on that group membership. Finally, you will check and confirm that you recorded access levels by using AccessEnum.

Display and configure access by using icacls

The iCACLS is used to display or modify an Access Control Lists (ACLs) for files and folders on the file system. In this section of the lab, learners will learn how to display and configure access by using icacls. First, they will display the NTFS permissions of the C:\DevData folder and then grant the Modify NTFS permission to the manager user account for the C:\SalesData\salesfile.txt by using icacls. Next, they will display the NTFS permissions of the C:\SalesData folder and record the permissions for the manager and then display the \localhost\SalesData share. The permissions will be displayed in a list form, with no spaces after the commas. Finally, they will display the permissions of the \localhost\DevData share, and then record the permissions for the dev-user. The effective permissions to a shared folder are the combination of share and NTFS permissions, with Windows enforcing the most restrictive of the two sets of permissions.

Lab Summary Conclusion

After completing the “Use the Sysinternals Suite to Review Permissions on a Windows System” virtual lab, you will have accomplished the following:

• Installed the AccessChk and the AccessEnum utilities.
• Displayed permissions by using AccessChk, AccessEnum, and icacls.
• Configured permissions by using icacls.