DumpSec is an auditing tool for Windows. It is frequently used to generate reports on permissions for the file system, users, groups, the registry, etc.
Here are the DumpSec commands you can use to speed up any auditing task.
Run them from a CMD prompt in the directory where Dumpsec.exe is located.
You can download these essential tools from the people at SystemTools at this link: www.systemtools.com
Dumpsec /rpt=dir=c:\ /saveas=csv /outfile=c:\temp\dirC.txt
Dumpsec /rpt=dir=d:\ /saveas=csv /outfile=c:\temp\dirD.txt
Dumpsec /rpt=dir=e:\ /saveas=csv /outfile=c:\temp\dirE.txt
Dumpsec /rpt=userscol /saveas=csv /outfile=C:\temp\userscol.txt
Dumpsec /rpt=Groupscol /saveas=csv /outfile=C:\temp\GroupsCol.txt
Dumpsec /rpt=groups /saveas=csv /outfile=C:\temp\Groups.csv
Dumpsec /rpt=Groupsonly /saveas=csv /outfile=C:\temp\GroupsOnly.csv
Dumpsec /rpt=rights /saveas=csv /outfile=C:\temp\Rights.txt
Dumpsec /rpt=services /saveas=csv /outfile=C:\temp\%computername%_Services.txt
Dumpsec /rpt=allsharedirs /saveas=csv /outfile=C:\temp\Allshares.txt
Dumpsec /rpt=shares /saveas=csv /outfile=C:\temp\shares.txt
Dumpsec /rpt=Policy /saveas=csv /outfile=C:\temp\Policy.txt
Dumpsec /rpt=registry=HKEY_LOCAL_MACHINE /saveas=csv /outfile=C:\temp\RegistryMachine.txt
Dumpsec /rpt=registry=HKEY_USERS /saveas=csv /outfile=C:\temp\RegistryUser.txt
Dumpsec /rpt=printers /saveas=csv /outfile=C:\temp\Printers.txt
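
The fixed reports listed above can be run in one pass from a batch file. This is an added example, not part of the original post or of DumpSec itself; the output folder C:\temp\dumpsec and the per-host file naming are assumptions, and it uses only the switches shown on this page.

```batch
@echo off
rem Added example: run the user, group, rights, services, share, policy and
rem printer reports in one pass, one CSV per report, prefixed with the host name.
rem Assumptions: Dumpsec.exe is in the current directory and C:\temp\dumpsec
rem is a hypothetical output folder. Directory and registry reports are left
rem out because they can take a long time on large volumes or hives.
setlocal enabledelayedexpansion

set "OUTDIR=C:\temp\dumpsec"
set "REPORTS=userscol Groupscol groups Groupsonly rights services allsharedirs shares Policy printers"

if not exist "Dumpsec.exe" echo Dumpsec.exe not found in the current directory& exit /b 1
if not exist "%OUTDIR%" mkdir "%OUTDIR%"

set FAILED=0
for %%R in (%REPORTS%) do (
    set "OUT=%OUTDIR%\%COMPUTERNAME%_%%R.csv"
    rem /outfile replaces an existing file, so delete any stale copy first;
    rem otherwise an old report could hide a run that produced nothing.
    if exist "!OUT!" del "!OUT!"
    rem start /wait makes the script block until this report has finished.
    start "" /wait Dumpsec.exe /rpt=%%R /saveas=csv /outfile=!OUT!
    if exist "!OUT!" (
        echo [ok]   %%R written to !OUT!
    ) else (
        echo [FAIL] %%R produced no output file
        set FAILED=1
    )
)

rem A non-zero exit code tells a scheduler that at least one report is missing.
exit /b %FAILED%
```

Because each file name starts with %COMPUTERNAME%, the reports from several machines can be gathered into one folder without overwriting each other.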
Customizable
-------------
Dumpsec /rpt=share=sharename
Specific shared directory permissions report

More info:
Required parameters
/rpt=report type
    Type of report to produce:
    dir=drive:\path            Directory permissions report (drive letter path)
    dir=\\computer\sharepath   Directory permissions report (UNC path)
    registry=hive              Registry permissions report (hive can be HKEY_LOCAL_MACHINE or HKEY_USERS)
    share=sharename            Specific shared directory permissions report
    allsharedirs               All non-special shared directories permissions report
    printers                   Printers permissions report
    shares                     Shares permissions report
    users                      Users report (table format, all fields except groups, groupcomment and grouptype)
    usersonly                  Users report (table format, only username, fullname and comment fields)
    userscol                   Users report (column format, same fields as users report)
    groups                     Groups report (table format, all fields)
    Groupsonly                 Groups report (table format, group info, no user info)
    Groupscol                  Groups report (column format, same fields as groups report)
    Policy                     Policy report
    rights                     Rights report
    services                   Services report
/outfile=drive:\path
    File in which to store report. This file will be replaced if it already exists.
Optional parameters for all reports
/computer=computer
    Computer for which to dump information. Ignored for directory reports (since computer is implied by computer associated with redirected drive). Default is to dump local information.
/saveas=format
    Format in which to store report:
    native   binary format, can be loaded back into Somarsoft DumpSec
    csv      comma separated columns
    tsv      tab separated columns
    fixed    fixed width columns, padded with blanks
    Default is to save as native format.
/noheader
    Do not include timestamp and other header information in saved report. Default is to include this information.
Optional parameters for permissions reports only
/noowner
    Do not dump owner. Default is to dump owner.
/noperms
    Do not dump permissions. Default is to dump permissions.
/showaudit
    Dump audit info. Default is not to dump audit info. Ignored if audit information cannot be displayed because the current user is not a member of the Administrators group.
(only one of the following options can be specified)
/showexceptions
    Show directories, files, and registry keys whose permissions differ from those of the parent directory or registry key. This is the default.
/showexcdirs
    Show directories (but not files) whose permissions differ from those of the parent directory.
/showalldirs
    Show all directories. Show only those files whose permissions differ from those of the parent directory.
/showdirsonly
    Show all directories. Do not show any files.
/showall
    Show all directories, files and registry keys.
Optional parameters for users/groups reports only
/showtruelastlogon
    Query all domain controllers for "true" last logon time, which can be time consuming. Default is to use last logon time from specified computer.
/showosid
    Dump SID as part of users report, which requires some additional and possibly time-consuming processing. Default is not to dump SID.
/showcomputers
    Show computer accounts in users reports. Default is only to show normal user accounts.
Examples:

DumpSec.exe c:\temp\users.dcl
    Start Somarsoft DumpSec interactively, load and display a report that was previously saved in native format in c:\temp\users.dcl.

DumpSec.exe /rpt=dir=c:\users /showaudit /outfile=c:\temp\users.dcl
    Run Somarsoft DumpSec in batch mode, produce a report of directory permissions for the c:\users directory showing owner, permissions and audit settings and store the report in native file format in c:\temp\users.dcl. The report will show only those directories and files whose permissions or audit settings differ from those of parent directory.

DumpSec.exe /computer=\\server1 /rpt=users /saveas=csv /outfile=c:\temp\users.txt
    Run Somarsoft DumpSec in batch mode, produce a report showing all user information in table format for users defined on \\server1, and store the report in comma separated columns format in c:\temp\users.txt.

DumpSec.exe /computer=\\server1 /rpt=share=sales /outfile=c:\temp\users.dcl /showalldirs
    Run Somarsoft DumpSec in batch mode, produce a report of permissions for the \\server1\sales shared directory, showing owner and permissions but not audit settings, and store the report in native file format in c:\temp\users.dcl. The report will show all directories under the \\server1\sales tree, and only those files whose permissions differ from those of the parent directory.