Sysinternals Freeware - Mark Russinovich & Bryce Cogswell

AccessChk

Copyright 2006 Mark Russinovich
Last Updated: June 6, 2006 v2.0

Introduction

As part of ensuring that they've created a secure environment, Windows administrators often need to know what kind of access specific users or groups have to resources including files, directories, Registry keys, and Windows services. AccessChk quickly answers these questions with an intuitive interface and output.

Installation

AccessChk is a console program. Copy AccessChk onto your executable path. Typing "accesschk" displays its usage syntax.

AccessChk works on Win2K, Windows XP and Server 2003 including x64 versions of Windows.

Usage

usage: accesschk [-s][-i|-e][-r][-w][-n][-v][[-k][-c]|[-d]] <username> <file, directory, registry key, service>

-c
Name is a Windows Service e.g. ssdpsrv (specify '*' to show all services)
-d
Only process directories
-e
Only show explicitly set Integrity Levels (Windows Vista only)
-i
Show object Integrity Level (Windows Vista only)
-k
Name is a Registry key e.g. hklm\software
-n
Show only objects that have no access
-q
Omit banner
-r
Show only objects that have read access
-s
Recurse
-v
Verbose (includes Windows Vista Integrity Level)
-w
Show only objects that have write access

If you specify a user or group name, AccessChk will report the effective permissions for that account; otherwise it will dump the security descriptor. By default the path name is interpreted as a file system path. For each object AccessChk prints R if the account has read access, W if it has write access, and nothing if it has neither. The -v switch has AccessChk dump the specific accesses granted to an account.

Examples

The following command reports the accesses that the Power Users account has to files and directories in \Windows\System32:

accesschk "power users" c:\windows\system32

This command shows which Windows services members of the Users group have write access to:

accesschk users -cw *

To see what Registry keys under HKLM\CurrentUser a specific account has no access to:

accesschk -kns austin\mruss hklm\software

To see the security on the HKLM\Software key:

accesschk -k hklm\software

To see all files under \Users\Mark on Vista that have an explicit integrity level:

accesschk -e -s c:\users\mark
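
One way to turn the services command above into a repeatable audit, as an added example that is not part of the AccessChk documentation: the PowerShell below runs the `accesschk users -cw *` form for several accounts and keeps the entries flagged W. The function names, the account list, and the assumed line layout (R/W flags, whitespace, object name) are assumptions, and the sample lines are constructed.

```powershell
# Added example; not part of the AccessChk documentation.
# Assumption: accesschk is on the executable path (see Installation).
# Assumption: a result line is the R/W flags, whitespace, then the object name.

function ConvertFrom-AccessChkLine {
    param([string]$Line, [string]$Account)
    # Banner and blank lines do not match and are dropped.
    if ($Line -cmatch '^\s*(?<flags>RW|R|W)\s+(?<name>\S.*)$') {
        [pscustomobject]@{
            Account = $Account
            Object  = $Matches['name'].Trim()
            Read    = $Matches['flags'] -clike '*R*'
            Write   = $Matches['flags'] -clike '*W*'
        }
    }
}

function Get-WritableService {
    param([string[]]$Account = @('Users', 'Power Users'))
    foreach ($name in $Account) {
        # Same form as the page's example: accesschk users -cw *
        $lines = & accesschk $name -cw '*' 2>$null
        foreach ($line in $lines) {
            $entry = ConvertFrom-AccessChkLine -Line $line -Account $name
            if ($entry -and $entry.Write) { $entry }
        }
    }
}

# Constructed sample lines (not captured from a real system) to exercise the parser offline.
$sample = 'AccessChk banner line', '', 'RW ssdpsrv', 'R  ExampleReadOnlySvc', ' W ExampleWriteOnlySvc'
$sample |
    ForEach-Object { ConvertFrom-AccessChkLine -Line $_ -Account 'Users' } |
    Where-Object { $_.Write } |
    Format-Table -AutoSize

# Live run, only where accesschk is installed.
if (Get-Command accesschk -ErrorAction SilentlyContinue) {
    Get-WritableService | Sort-Object Object, Account | Format-Table -AutoSize
}
```

For any service this lists, rerunning AccessChk with the -v switch shows the specific accesses granted to the account.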
