Tools for analyze all PC in a network

TheMSsForum.com: The Microsoft Software Forum

Dear All,

I have one big issue about sharing folder policy in my company. Many users
doesn't understand how to make a proper sharing.

That is why i need tools to analyze automatically all PC in the network,
what kind of the share folder they have and the sharing permission.

Can someone help me here?

Thx
Top

Re: Tools for analyze all PC in a network by S

S
Wed May 10 06:02:38 CDT 2006

Do a simple vulnerability scan - use Nessus (www.nessus.org), or just scan
for shares using any tool like Network scanner
(http://www.softperfect.com/products/networkscanner/)

It's a good idea to implement policy that configures computers that are not
supposed to share files to stop Server service - use AD GPO for that.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

"Rian Wisandanu" <wisandanu@yahoo.com> wrote in message
news:Okg5SMAdGHA.2188@TK2MSFTNGP04.phx.gbl...
> Dear All,
>
> I have one big issue about sharing folder policy in my company. Many users
> doesn't understand how to make a proper sharing.
>
> That is why i need tools to analyze automatically all PC in the network,
> what kind of the share folder they have and the sharing permission.
>
> Can someone help me here?
>
> Thx
>


Top

Re: Tools for analyze all PC in a network by karl

karl
Wed May 10 06:38:05 CDT 2006

... and a version of Nessus that runs entirely on Windows is NeWT at
www.tenablesecurity.com

You might first check out Winfingerprint, that may be closer to what you're
looking for.

However, I believe to enumerate the permissions on shares, you'll need a
tool that can use a Windows account with administrator privileges. I'm not
sure either of those tools will do that part.


"S. Pidgorny <MVP>" <slavickp@yahoo.com> wrote in message
news:uMPRFFCdGHA.4148@TK2MSFTNGP05.phx.gbl...
> Do a simple vulnerability scan - use Nessus (www.nessus.org), or just scan
> for shares using any tool like Network scanner
> (http://www.softperfect.com/products/networkscanner/)
>
> It's a good idea to implement policy that configures computers that are
> not supposed to share files to stop Server service - use AD GPO for that.
>
> --
> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> -= F1 is the key =-
>
> "Rian Wisandanu" <wisandanu@yahoo.com> wrote in message
> news:Okg5SMAdGHA.2188@TK2MSFTNGP04.phx.gbl...
>> Dear All,
>>
>> I have one big issue about sharing folder policy in my company. Many
>> users doesn't understand how to make a proper sharing.
>>
>> That is why i need tools to analyze automatically all PC in the network,
>> what kind of the share folder they have and the sharing permission.
>>
>> Can someone help me here?
>>
>> Thx
>>
>
>


Top

Re: Tools for analyze all PC in a network by Steven

Steven
Wed May 10 11:05:28 CDT 2006

In addition to what Karl and Svyatoslav recommended take a look at the free
ShareEnum from SysInternals and Dumpsec from SomarSoft at the links below.
If your users are in an Active Directory domain you can also configure the
user right for access this computer from the network to help control what
users/groups have access to network shares. If you use "authenticated users"
instead of everyone or users then the user will not be able to allow
guest/anonymous access to their shares as it sounds like they are also local
administrators or at least power users. Guest can also be disabled with
Group Policy. --- Steve

http://www.sysinternals.com/Utilities/ShareEnum.html
http://www.somarsoft.com/

"Rian Wisandanu" <wisandanu@yahoo.com> wrote in message
news:Okg5SMAdGHA.2188@TK2MSFTNGP04.phx.gbl...
> Dear All,
>
> I have one big issue about sharing folder policy in my company. Many users
> doesn't understand how to make a proper sharing.
>
> That is why i need tools to analyze automatically all PC in the network,
> what kind of the share folder they have and the sharing permission.
>
> Can someone help me here?
>
> Thx
>


Top

Re: Tools for analyze all PC in a network by Rian

Rian
Thu May 11 02:36:40 CDT 2006

Now, we are on the way in stoping file & print sharing service. But as i
know, we can not do it by GPO so we are going to disable it one by one on
the PC.
Maybe you know the best way to do it using GPO.

Rian W

"S. Pidgorny <MVP>" <slavickp@yahoo.com> wrote in message
news:uMPRFFCdGHA.4148@TK2MSFTNGP05.phx.gbl...
> Do a simple vulnerability scan - use Nessus (www.nessus.org), or just scan
> for shares using any tool like Network scanner
> (http://www.softperfect.com/products/networkscanner/)
>
> It's a good idea to implement policy that configures computers that are
> not supposed to share files to stop Server service - use AD GPO for that.
>
> --
> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> -= F1 is the key =-
>
> "Rian Wisandanu" <wisandanu@yahoo.com> wrote in message
> news:Okg5SMAdGHA.2188@TK2MSFTNGP04.phx.gbl...
>> Dear All,
>>
>> I have one big issue about sharing folder policy in my company. Many
>> users doesn't understand how to make a proper sharing.
>>
>> That is why i need tools to analyze automatically all PC in the network,
>> what kind of the share folder they have and the sharing permission.
>>
>> Can someone help me here?
>>
>> Thx
>>
>
>


Top

Re: Tools for analyze all PC in a network by S

S
Thu May 11 03:56:01 CDT 2006

Nessus allows you to provide credentials for SMB scan

"karl levinson, mvp" <levinson_k@securityadmin.info> wrote in message
news:Oxop0YCdGHA.564@TK2MSFTNGP02.phx.gbl...
> ... and a version of Nessus that runs entirely on Windows is NeWT at
> www.tenablesecurity.com
>
> You might first check out Winfingerprint, that may be closer to what
> you're looking for.
>
> However, I believe to enumerate the permissions on shares, you'll need a
> tool that can use a Windows account with administrator privileges. I'm
> not sure either of those tools will do that part.


Top

Re: Tools for analyze all PC in a network by S

S
Thu May 11 03:56:48 CDT 2006

One thing to be aware of - MBSA won't be able to scan the computers after
the change, and that is one very useful tool...

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

"Rian Wisandanu" <wisandanu@yahoo.com> wrote in message
news:OToso2MdGHA.1656@TK2MSFTNGP02.phx.gbl...
> Now, we are on the way in stoping file & print sharing service.


Top

Re: Tools for analyze all PC in a network by Rian

Rian
Thu May 11 06:20:19 CDT 2006

So, what is the best solution for not allowing user to share their files or
folder, except the user has permission to do so.

"S. Pidgorny <MVP>" <slavickp@yahoo.com> wrote in message
news:OOp$cjNdGHA.2068@TK2MSFTNGP02.phx.gbl...
> One thing to be aware of - MBSA won't be able to scan the computers after
> the change, and that is one very useful tool...
>
> --
> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> -= F1 is the key =-
>
> "Rian Wisandanu" <wisandanu@yahoo.com> wrote in message
> news:OToso2MdGHA.1656@TK2MSFTNGP02.phx.gbl...
>> Now, we are on the way in stoping file & print sharing service.
>
>


Top

Re: Tools for analyze all PC in a network by Steven

Steven
Thu May 11 13:21:33 CDT 2006

Sure you can disable it via a GPO by disabling the server service if that is
really what you want to do as it is useful for many admin tasks including
RSOP reports. You might want to configure the Windows Firewall on XP Pro
computers to accept file and print sharing only from administrator
workstations/authorized computers or use ipsec to do the same if you have
Windows 2000 computers. --- Steve


"Rian Wisandanu" <wisandanu@yahoo.com> wrote in message
news:OToso2MdGHA.1656@TK2MSFTNGP02.phx.gbl...
> Now, we are on the way in stoping file & print sharing service. But as i
> know, we can not do it by GPO so we are going to disable it one by one on
> the PC.
> Maybe you know the best way to do it using GPO.
>
> Rian W
>
> "S. Pidgorny <MVP>" <slavickp@yahoo.com> wrote in message
> news:uMPRFFCdGHA.4148@TK2MSFTNGP05.phx.gbl...
>> Do a simple vulnerability scan - use Nessus (www.nessus.org), or just
>> scan for shares using any tool like Network scanner
>> (http://www.softperfect.com/products/networkscanner/)
>>
>> It's a good idea to implement policy that configures computers that are
>> not supposed to share files to stop Server service - use AD GPO for that.
>>
>> --
>> Svyatoslav Pidgorny, MS MVP - Security, MCSE
>> -= F1 is the key =-
>>
>> "Rian Wisandanu" <wisandanu@yahoo.com> wrote in message
>> news:Okg5SMAdGHA.2188@TK2MSFTNGP04.phx.gbl...
>>> Dear All,
>>>
>>> I have one big issue about sharing folder policy in my company. Many
>>> users doesn't understand how to make a proper sharing.
>>>
>>> That is why i need tools to analyze automatically all PC in the network,
>>> what kind of the share folder they have and the sharing permission.
>>>
>>> Can someone help me here?
>>>
>>> Thx
>>>
>>
>>
>
>


Top