I am hoping someone might point me towards an intuitive application. With all the SOX (Sarbanes Oxley) Rules and Regulations in place and a need for general security and access rights review.

[PROBLEM]
It has come to my attention that when someone in my company changes positions or gets hired in or whatever it might be, their old access is not changed. Just new access needed. There is no review of the process or anything else.

[NEED]
I am looking for an application that I can input user ID's Different systems, applications, share drives, etc. and determine what access rights they have. Then quarterly I can send an email to various department and application owners to review so they can tell me if said UID should still have access to whatever systems.

I would also love to see an application for windows 2k3 server that would automagically tell me what persmissions are associated with each folder/subfolder. This is assuming I have full administrative control to the server (which I do).

This will encompass multiple systems including (windows shares, AS/400 applications, Various other applications (ie: JBA, B&L, The list goes on))


[OTHER]
If anyone has any other Ideas thoughts on SOX compliance that might aide me while I get familiar with all the different things I need to answer to and understand that would be great.