Re: Security User access question
From: Rich G (anonymous_at_discussions.microsoft.com)
Date: 04/14/04
- Next message: Bill: "Allow only certain usb devices via group policy"
- Previous message: Bill: "lost internet & router connection after updates"
- In reply to: Andrew Mitchell: "Re: Security User access question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 14 Apr 2004 09:18:52 -0700
Hi Andy thanks very much for your input I will pass this
on to the folks in the big offices. ha ha
>-----Original Message-----
>"rgarrow.merchant@sikorsky.com"
<anonymous@discussions.microsoft.com> said
>
>> Hi,
>>
>> We are a very large org and we are looking for a way
>> either via a product or program that we could look at
all
>> of our user to see what groups > folder > files >
access
>> they have across the entire network.
>>
>> I know this is a lot to ask but I am putting this out
to
>> you all as I do believe the answer is out there.
>>
>> I am not even sure if Active Directory can provide this
>> information on a user.
>
>Active directory alone doesn't store this information,
but AD combined with
>ACL information from the file system would.
>
>> I do realize this would require a
>> database but is there such a product that is able to go
>> out and check every user and there access down to file
>> access????
>
>I don't know of any programs off the top of my head that
could do this, but
>it could be done with vbscript. You would need to do it
the other way
>around though. That is instead of enumerating users and
determining what
>files and directories they have access to, you would need
to enumerate each
>file and directory then, for each one, find out which
user or group had
>permissions, what permissions they have and, in the case
of a group,
>enumerate the group membership to find out the users.
>
>It wouldn't be simple (or quick to run) but it could be
done.
>
>The other option would be to combine vbscript with
perms.exe (from the
>resource kit) The script would need to enumerate all
users then, for each
>user, shell out to perms.exe and pipe the output (using
>> to append) to a
>text file.
>
>eg. To determine what permissions Fred has on a server
called Server1 on
>the c: drive you would shell out to:
>PERMS.EXE Server1\Fred C:\*.* /S >>PERMS.TXT
>
>The only problem with usings Perms is that it has
problems when the user
>has been granted permissions through membership of local
or global groups,
>so the pure VBScript method I mentioned earlier would be
a lot more
>accurate.
>
>Andy.
>.
>
- Next message: Bill: "Allow only certain usb devices via group policy"
- Previous message: Bill: "lost internet & router connection after updates"
- In reply to: Andrew Mitchell: "Re: Security User access question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
