Showaccs.exe: Show Access Control Lists
This command-line tool enables users to examine the access control lists (ACLs) on the registry, file system, and file and print shares, and to look at membership in local groups. ShowAccs command options support looking at specific areas of Windows 2000 and Windows XP (such as specific file-system directories), or examining the entire system.
The output file of ShowAccs is a comma-separated text file, called the access-profile file, that shows all the object-specific access rights on the system. The access-profile file can be reviewed and analyzed by using a text editor, or it can be imported into a spreadsheet or database management program.
ShowAccs also creates a mapping file that lists the security principals (users and groups) that show up somewhere in ACLs. The mapping file can be input to the Security Migration Editor Microsoft Management Console (MMC) snap-in for account mapping.
This tool is part of the Sidwalker Security Administration Tools.
There is no corresponding user interface for this tool.
Access control is implemented by access control lists (ACLs). Every file in the NTFS file system and every registry key has a unique ACL, granting access rights to file resources to users and groups, and defining what specific access rights each is granted. Each user and group is identified in the ACL by a security identifier (SID).
ShowAccs can be run as scheduled batch jobs. It must be run locally on the computer where the access permissions are to be changed. ShowAccs uses Windows NT security APIs (supported on Windows NT 4.0, Windows 2000, and Windows XP) to examine every access control list (ACL) on every object on the system. It is a CPU and I/O intensive program; plan to run it when system use is otherwise very light and expect significant resource use.
In Windows NT 4.0, ShowAccs requires Msvcrt50.dll, which is found in the \System32 directory of any Windows 2000 installation.
Msvcrt50.dll (found in the \System32 directory)