Great things come in small packages. Take this free NT data dump utility as an example.

Dumpster Diving

Great things come in small packages. Take this free NT data dump utility as an example.

When we first began this column, I regaled you with promises of wondrous tools included in Windows, Windows NT, and the Resource Kits. You’ll also recall that I mentioned that third-party utilities and shareware tools abound with many being quite good. While I had intended to keep the focus on the Microsoft tools, every so often a third-party tool comes along that really bears mentioning.

Such is the case with SomarSoft, Inc.’s DumpACL. This baby is indispensable for managing users, groups, directory permissions—you name it. It doesn’t actually let you change any settings, but it does allow you to “dump” NT information that can then be used to look for security holes, overlapping permissions, whatever. Want to know the best part? It’s free! OK, I know that some of you are hesitant to use freeware utilities, but since this one doesn’t have change capability (you can look at data), you should be safe. Besides, if it makes you feel any better, SomarSoft used to charge for it.

Figure 1 shows the interface with the Report menu open. This jewel is the heart of the system. From here you select which type of report you want to run. There are six different types: Permissions, Users, Groups, Policies, Rights, and Services. Somewhere in there is a report that you’re going to need. Probably the most versatile is Permissions.

Figure 1. The Report tab of DumpACL's main interface is the heart of the system, showing all the available reports you can run.

The first step in using this report is to configure the report options. These are:

  • Show Owner
  • Show Permissions
  • Show Audit Settings

You can also filter the report down (very useful when dealing with a lot of information) in several ways. You can show only directories and files whose permissions differ from the parent (exception dirs and files), only directories that differ (exception dirs, no files), all directories with files that differ (all dirs, exception files), all directories but no files (all dirs, no files), or everything (all dirs, all files). Once you’ve set your preferences, you can dump the file permissions. Also in the Permissions section are Registry, Printers, and Shares.

Next we have Users and Groups, both of which can be dumped as either a column or a table (Permissions are only dumped as a table). All this does is change the way it looks, so choose the way you like best. Policies and Rights have no options and are dumped as a column and a table, respectively. The Services report allows you to select either Win32 services or kernel drivers (or both) and services that are either running or not running (or both)—dumped as a table.

Once you have the report, you can choose how to save it. DumpACL has a native file format with a .DCL extension. You can also choose from comma-delimited, tab-delimited, fixed-width columns, or Unicode fixed-width columns—it all depends on what you’re going to do with the data later. I prefer comma delimiting because it’s easy to import into Excel for “refinement” (read: “prettying-up”). You can also use DumpACL to print the reports. It lets you perform basic page layout and even select from different fonts.

What the Heck Do You Do with It?

I mentioned that this is a great tool for tracking down problems. But it’s also great for documentation. Here’s a thought… run a report of each type, make them look good in Excel, then put them in a binder and keep them with the server. Show them to your boss. He or she will be so impressed with your organizational skills that you’ll be promoted to project manager! Seriously!

Any Problems?

Well, it only runs on NT. Most of the Microsoft administrative utilities have versions that you can run on Win 9x, but this one won’t. So if you use a Win 9x machine for your network admin duties… sorry. Hey! You’ve been just looking for a reason to upgrade anyway, admit it. Also, it doesn’t do much in the way of printing attractive reports. But you can easily import these reports into something that can, so it’s really a non-issue.

DumpACL can make your administrative life a lot easier. Like the man said… “It may be free, but it ain’t cheap!”

About the Author

Chris Brooke, MCSE, is a contributing editor for Redmond magazine and director of enterprise technology for ComponentSource. He specializes in development, integration services and network/Internet administration. Send questions or your favorite scripts to [email protected].