Re: Help! How do I see what OS management rights a Group has?
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 05/24/05
- Next message: Varadarajam: "Active Directory User Passwords."
- Previous message: Karl Levinson, mvp: "Re: Server Hacked - Assessment and Prevention"
- In reply to: gretzkygirl44_at_yahoo.com: "Help! How do I see what OS management rights a Group has?"
- Next in thread: Steven L Umbach: "Re: Help! How do I see what OS management rights a Group has?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 23 May 2005 22:37:07 -0700
The situation is really no different in post-NT4 compared to NT4.
The systems may be called on to show what constitutes a group, or
what group(s) are given specific grants, but not to invert the inquery
and show all grants given to a specific group.
For that, given that you are not in a position to do the right thing
and address this with design, implementation practices, and change
control (i.e. with doc capture/update), you are in a position where
you need to recurse over all (likely first) securable objects in order
to start to answer your question. AD objs/attribs, NTFS, reg, COM+,
user rights, etc. does not matter, you will have to enumerate over them
and correlate the grants (or buy a product)
-- Roger Abell Microsoft MVP (Windows Security) <gretzkygirl44@yahoo.com> wrote in message news:1116881001.153509.291750@g43g2000cwa.googlegroups.com... > Hi, > I am trying to figure out how I can see what rights a specific group > has in an active directory domain. Not what rights the group has to a > file system but what OS rights they have. > > I am taking over management of a domain that I didn't build. It is a > windows 2000 domain with active directory (I have previously only > managed NT domains). There are several users put into several different > groups. HelpDesk, Assistants, CallCenter, etc, etc. I am trying to go > back and document what rights HelpDesk and the other groups were > assigned at creation. I thought most rights would be assignsed from > 'local security settings' but I don't see the information I am looking > for in there. For example, I know users in 'Help Desk' can reset/change > passwords from testing with their IDs (and help desk isn't part of a > built in like account operators). Is there somewhere in a gui or a > command line option to list all rights a group was given at creation? > > If I click on the group properties I only see, members, members of, > etc. > > Thanks for any advice! > M >
- Next message: Varadarajam: "Active Directory User Passwords."
- Previous message: Karl Levinson, mvp: "Re: Server Hacked - Assessment and Prevention"
- In reply to: gretzkygirl44_at_yahoo.com: "Help! How do I see what OS management rights a Group has?"
- Next in thread: Steven L Umbach: "Re: Help! How do I see what OS management rights a Group has?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
