Windows Server 2000/2003 Thread, How to analyse permissions of a security group in Technical
  1. #1
    kaphc's Avatar

    How to analyse permissions of a security group

    It's audit time and I've been asked by several schools to do a list of network users and their access rights.

    I can list network users and their group memberships easily, but is there a way of being able to tell what effective permissions a group has without going through every folder on the server separately?

    These are small schools with only 20 - 30 logins so if I have to do each one manually I can cope with this. I had a look at SolarWinds as a tool to automate this but am not 100% sure if it will do what I want.

    Thanks

  2. #2

    I'm pretty sure that the Sysinternals team has a program that does this as long as you're happy with command line options; AccessChk or AccessEnum would probably be enough.

    Sysinternals Suite

  3. Thanks to ICTonto from:

    kaphc (16th May 2013)

  4. #3
    kaphc's Avatar
    I'd never come across Sysinternals on there before and there's some cool stuff. I've looked at AccessChk and that shows the access rights for an individual user object, which is great, but there doesn't seem to be anything for security groups. I ran AccessEnum as well and that was useful to show permissions to a folder, but that's pretty much what you can get from right-clicking on the folder and checking the security.

    Thanks for the heads-up on this software as it's great but it doesn't seem to quite do what I'm after.

  5. #4

    Sorry about that, I use Sysinternals' other offerings extensively and it would have been my first port of call if I needed to accomplish what you require. There is another possibility that may fit your requirements better, DumpSec; however, I must stress that I have never used this tool and I can't vouch for it. It may be worth testing in a sandboxed environment before letting loose in a live environment. I also enclose a discussion about this on the Spiceworks community.

    Audit of Folder Security - Spiceworks

  6. Thanks to ICTonto from:

    kaphc (16th May 2013)

  7. #5

    And in case it is useful to anyone... by controlling group memberships and permissions using the methods outlined in this video, in the future you can 'just look it up in AD'.

    Role-Based Management Extreme Makeover for Active Directory

    and for school sized fileservers and domains, it isn't too painful to implement and retrofit over the course of a year.

  8. #6
    kaphc's Avatar
    Quote: Originally posted by psydii
    And in case it is useful to anyone... by controlling group memberships and permissions using the methods outlined in this video, in the future you can 'just look it up in AD'.

    Role-Based Management Extreme Makeover for Active Directory

    and for school sized fileservers and domains, it isn't too painful to implement and retrofit over the course of a year.
    That looks like an interesting hour and 15 minutes to sit and watch when I get chance (yep I know how sad that sounds but it sincerely does).

    At the moment, I have gone back to the network shares, and worked out the permissions from there. There might be a couple of inherited permissions I've missed but I think what I'm putting together will be enough for the auditors (I hope!)
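
Added example (not part of the thread): one way to answer the original question, listing every folder under a share where a given security group is named in the ACL, including the inherited entries that are easy to miss by hand. It assumes PowerShell 3.0 or later, run from an admin workstation against the share path; `\\SERVER\Shares`, `SCHOOL\Staff` and the output file name are hypothetical placeholders.

```powershell
# Added example: report every folder ACE that names one security group.
# The root path, group name and CSV name below are hypothetical placeholders.
function Get-GroupFolderAccess {
    param(
        [Parameter(Mandatory)][string]$Root,      # share or folder to walk
        [Parameter(Mandatory)][string]$Group,     # 'DOMAIN\GroupName'
        [switch]$ExplicitOnly                     # skip inherited entries
    )

    # The root itself plus every sub-folder beneath it.
    $folders = @(Get-Item -LiteralPath $Root) +
               @(Get-ChildItem -LiteralPath $Root -Recurse -Directory -ErrorAction SilentlyContinue)

    foreach ($folder in $folders) {
        try {
            $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop
        } catch {
            # Record folders whose ACL could not be read, so the audit shows the gap.
            [pscustomobject]@{
                Folder = $folder.FullName; Identity = $Group; Type = 'UNREADABLE'
                Rights = $_.Exception.Message; Inherited = $null; AppliesTo = $null
            }
            continue
        }

        foreach ($ace in $acl.Access) {
            # String comparison with -ne is case-insensitive in PowerShell.
            if ($ace.IdentityReference.Value -ne $Group) { continue }
            if ($ExplicitOnly -and $ace.IsInherited)     { continue }

            [pscustomobject]@{
                Folder    = $folder.FullName
                Identity  = $ace.IdentityReference.Value
                Type      = $ace.AccessControlType      # Allow or Deny
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
                AppliesTo = $ace.InheritanceFlags       # how far the entry propagates
            }
        }
    }
}

# One CSV per group gives the auditors a folder-by-folder list.
Get-GroupFolderAccess -Root '\\SERVER\Shares' -Group 'SCHOOL\Staff' |
    Export-Csv -NoTypeInformation -Path '.\Staff-folder-access.csv'
```

This reports only entries that name the group directly. Access gained through nested group membership, and any share-level permissions on top of NTFS, still have to be checked separately.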


