Report of Security Group folder rights

  • Thread starter Thread starter Barry Koopersmith
  • Start date Start date
B

Barry Koopersmith

How can I determine or create a report of which folders on
the network that an Active Directory "Security Group" has
rights to?

Thanks to anyone who can help me out.
 
Barry,
I'm not sure but it would have to be one hell of a program or script.
It would have to check

Every machine on the network, every registry permission, every share,
every printer, every GPO etc. That would be the only way to get a
thorough report. I don't think that tool exists but I will also be
watching this thread.
 
Before we switched to a Windows 2000 server two years ago,
we used a Novell Netware v4.11 server. With Netware, in
the same screens that you create a group and add members,
you assign and view what network directories and rights
that group has rights to. Are you saying there is no way
to do this in Active Directory?

How can I tell if it is safe to delete a group which may
no longer be used if I cannot tell if that group has
rights somewhere? It is not a good design by Microsoft if
I have to delete the group and wait to see if someone
complains that they cannot access a folder.
-----Original Message-----
Barry,
I'm not sure but it would have to be one hell of a program or script.
It would have to check

Every machine on the network, every registry permission, every share,
every printer, every GPO etc. That would be the only way to get a
thorough report. I don't think that tool exists but I will also be
watching this thread.

"Barry Koopersmith" <bkoopersmith@NO_SPAMaarcorp.com>
Click to expand...
wrote in message [email protected]>...
 
Hi Barry,

The Windows Directory service does not store the users' shared folder
information. The permission on each workstation are saved in registry or
ACL. We may have to use a script to check every PC to achieve what you want.

Sincerely,

William Wang
Microsoft Online Support Engineer

Get Secure! - www.microsoft.com/security
=========================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=========================================

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
 
Hi Barry,

I just want to add a supplement. You may use the SomarSoft's DumpSec
(formerly known as DumpAcl) to see if it helps. For scripting questions,
you can post them in the Developer newsgroups. I have provided the link
below to access Developer newsgroups. By posting here, you may get some
pointers from others who may have had similar experience that they can
share with you.

http://msdn.microsoft.com/newsgroups/default.asp

Sincerely,

William Wang
Microsoft Online Support Engineer

Get Secure! - www.microsoft.com/security
=========================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=========================================

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
X-Tomcat-ID: 170677416
References: <[email protected]>
Click to expand...
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
From: (e-mail address removed) (William Wang[MSFT])
Organization: Microsoft
Date: Thu, 24 Jun 2004 07:52:44 GMT
Subject: Re: Report of Security Group folder rights
X-Tomcat-NG: microsoft.public.win2000.active_directory
Message-ID: <[email protected]>
Newsgroups: microsoft.public.win2000.active_directory
Lines: 75
Path: cpmsftngxa10.phx.gbl
Xref: cpmsftngxa10.phx.gbl microsoft.public.win2000.active_directory:83103
NNTP-Posting-Host: tomcatimport2.phx.gbl 10.201.218.182

Hi Barry,

The Windows Directory service does not store the users' shared folder
information. The permission on each workstation are saved in registry or
ACL. We may have to use a script to check every PC to achieve what you want.

Sincerely,

William Wang
Microsoft Online Support Engineer

Get Secure! - www.microsoft.com/security
=========================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=========================================

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
Content-Class: urn:content-classes:message
From: <[email protected]>
Sender: <[email protected]>
References: <[email protected]>
Click to expand...
Subject: Re: Report of Security Group folder rights
Date: Thu, 3 Jun 2004 08:36:29 -0700
Lines: 39
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcRJgIoWWSKNqdmHR/udRp+KNA6dBw==
Newsgroups: microsoft.public.win2000.active_directory
Path: cpmsftngxa10.phx.gbl
Xref: cpmsftngxa10.phx.gbl microsoft.public.win2000.active_directory:81150
NNTP-Posting-Host: tk2msftngxa12.phx.gbl 10.40.1.164
X-Tomcat-NG: microsoft.public.win2000.active_directory

Before we switched to a Windows 2000 server two years ago,
we used a Novell Netware v4.11 server. With Netware, in
the same screens that you create a group and add members,
you assign and view what network directories and rights
that group has rights to. Are you saying there is no way
to do this in Active Directory?

How can I tell if it is safe to delete a group which may
no longer be used if I cannot tell if that group has
rights somewhere? It is not a good design by Microsoft if
I have to delete the group and wait to see if someone
complains that they cannot access a folder.

wrote in message [email protected]>...
Click to expand...
Click to expand...
 
Back
Top