Enumerate permissions of a particular group

G

Guest

I need to clean up all the Global groups created over the years. I need to
find out which directories in the file server these groups have access to,
then go to the owners of the groups and tell them something like " hey, this
group has access to these following directories, is this right? any
adjustments needed?" All the tools out there, e.g. dempacl, are for
enumerating all the permissions on all the directories. How do I make them
group particular?
Thanks.
 
P

Pegasus \(MVP\)

monk said:
I need to clean up all the Global groups created over the years. I need to
find out which directories in the file server these groups have access to,
then go to the owners of the groups and tell them something like " hey, this
group has access to these following directories, is this right? any
adjustments needed?" All the tools out there, e.g. dempacl, are for
enumerating all the permissions on all the directories. How do I make them
group particular?
Thanks.
Click to expand...

You could run this batch file. Adjust Line3 to reflect the
specific folder you wish to scan, then call the batch file
with the name of the user or group as a parameter. Note
that the batch file won't work if you have user/group names
with embedded spaces.

Line1 @echo off
Line2 set user=%1
Line3 set source=d:\MyShares
Line4 set target=c:\%user%.txt
Line5
Line6 echo Compiling a directory listing
Line7 dir /b /ad /s "%source% > c:\dir.txt
Line8
Line9 echo %date% at %time:~0,5% > %target%
Line10 echo %User% has the access rights to these folders >> %target%
Line11 echo ============================================= >> %target%
Line12 for /F "tokens=*" %%* in (c:\dir.txt) do (
Line13 echo Processing %%*
Line14 cacls "%%*" | find /i "%User%" > c:\temp.txt && (echo %%* >>
%target% & type c:\temp.txt >> %target%)
Line15 )
Line16 echo Check %target% for a list of access rights for user or group
%user%.
 
J

Jerold Schulman

I need to clean up all the Global groups created over the years. I need to
find out which directories in the file server these groups have access to,
then go to the owners of the groups and tell them something like " hey, this
group has access to these following directories, is this right? any
adjustments needed?" All the tools out there, e.g. dempacl, are for
enumerating all the permissions on all the directories. How do I make them
group particular?
Thanks.
Click to expand...

See tip 10490 » How can I enumerate the permissions of specified security principals on my servers?
in the 'Tips & Tricks' at http://www.jsifaq.com

Jerold Schulman
Windows Server MVP
JSI, Inc.
http://www.jsiinc.com
http://www.jsifaq.com
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Exporting list of groups 1
User permissions audit tools. 2
Migrating groups/permissions using SubinAcl? 4
XP list permissions settings? 2
Effective NTFS Permissions on Windows 0
is there way to print/display all groups and the permissions they have on all directories/files? 1
Backup of Active Directory and Group Policy 3
Find all references to an AD group 2

Top