Software: Microsoft Research’s MACE
Check out the page Using MACE to keep track of file share permissions, a guide to roll out MACE.
...provides the ability to explore and answer questions such as: • Who has Access to network share/ resource \\TreyResearch\Finance and what is their access type? • Who has “Read” access to C:\TreyResearch\Finance AND C:\TreyResearch\HR? • Who has “Explicit deny” access to \\TreyResearch\Finance? • What objects does user: Bobde, Nikhil have “Read” access to? • Does security group TreyResearch-Interns have access to C:\TreyResearch\Finance?
This tool consists of 2 installable components 1. Data Collector: Used for collecting data from 1 or more data servers. This needs to be installed on each data server from where data is collected. 2. Data Visualizer: Used for visualizing the data collected from 1 or more data servers (from step 1). This is installed locally on the Admin’s (or the person who has rights to view and analyze data collected) machine.
All of this lovely info has been taken from the doc included with the package.
I’ve posted this a little early, as I’ve yet to implement and/or test the application. It looks to be the solution to a challenge that can be very complex to solve.