AccessEnum: list the directories in Windows Rights [Quick Guide]

4:42 pm April 13, 20179824

I. introduction

today we discover a very useful little tool on Windows: AccessEnum .

It can be run as an administrator or as a standard user, without installation and is used to list the rights on all directories of the system . This can be handy in many contexts, both in attack and in defence. Side defensive, this allows to know in which directories a non privileged user is allowed to create new files, it is useful in the case of malware, who like to find little-known directories in order to settle there (particularly in C:windows)

AccessEnum can be used as well to the system directories for the registry keys and rights are positioned

to retrieve AccessEnum , direction the official page of the utility from the Microsoft site:

II. Usage example

once started, the tool offers two types of scans, or “Directory”, to view the rights of the directories, or “Registry” to view the rights on the registry keys, another element referred by a variety of malware.

Use AccessEnum

here is an example of a scan “Directory” run as administrator on C:Windows

example of result of AccessEnum on a scan of the rights of the directories

here is another example of scan “Registry” launched as Administrator

example of result of AccessEnum on a scan of the registry key


it is worth noting that running a scan as an administrator or as a standard user will not have the same result. Indeed, a user will not be able to go see the subdirectories of a directory to which he cannot access, an administrator will have access to all of the directories and the results will be more complete.

Among the interesting results that one can see and notice with AccessEnum, here are a few directories on my Windows 7 system that is accessible to all users in C:Windows

example of result of AccessEnum

Finally, the reports can be saved in text format for a discussion out of the system on which the tool for been run practice also.

This small tool can be handy especially in defensive terms and when retrieving information for a system audit or an analysis of the configuration of the system.

Feel free to share your opinions in the comments! 🙂