Announcement

Collapse
No announcement yet.

Security Group NTFS Permissions

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Security Group NTFS Permissions

    Recently migrated NetWare 5.1 NDS to Windows Server 2003 AD Domain.
    Need a way to find where Security Group NTFS permissions are applied.

    Tried dsquery, dsget, etc... not giving me what I need.

    Have several hundred security groups to validate.

    I'm no programmer so go easy on the scripting.

  • #2
    Re: Security Group NTFS Permissions

    I'm not sure exactly what you're after. Are you wanting to see what groups have what permissions and where they have them? (not to be too convoluted )

    Does this thread talk about what you're looking for? http://forums.petri.com/showthread.php?t=10959
    Regards,
    Jeremy

    Network Consultant/Engineer
    Baltimore - Washington area and beyond
    www.gma-cpa.com

    Comment


    • #3
      Re: Security Group NTFS Permissions

      or Do you want to dump the NTFS ACL?
      Then DumpSec can help you out.
      http://www.systemtools.com/somarsoft/index.html
      Marcel
      Technical Consultant
      Netherlands
      http://www.phetios.com
      http://blog.nessus.nl

      MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
      "No matter how secure, there is always the human factor."

      "Enjoy life today, tomorrow may never come."
      "If you're going through hell, keep going. ~Winston Churchill"

      Comment


      • #4
        Re: Security Group NTFS Permissions

        I want to query security group(s) and see the folders and ntfs permissions associated.
        Dumpsec seems to work at the file system level only.

        I need to validate all the security groups migrated over from NDS.
        I suspect we have numerious security groups, with members, that do not provide permissions to anything in the file system.

        Comment


        • #5
          Re: Security Group NTFS Permissions

          Originally posted by DrTrepan View Post
          I want to query security group(s) and see the folders and ntfs permissions associated.
          Security groups are not associated with files but rather are associated with security principals (users, groups, etc.). Files and folders in NTFS have ACLs that tell the system what groups, users, and Special Identities can do with that given file or folder.

          Given that information, to find out who has access to what you need to gather that information from the various resources themselves, not the groups.

          Does that make sense?

          Anyone please feel free to add/correct anything.
          Regards,
          Jeremy

          Network Consultant/Engineer
          Baltimore - Washington area and beyond
          www.gma-cpa.com

          Comment


          • #6
            Re: Security Group NTFS Permissions

            Thanks! Makes sense.
            How do I determine what security principals are associted with NTFS ACLs?

            Comment


            • #7
              Re: Security Group NTFS Permissions

              The only way I can think of is to dump the list of security groups from AD ("dsquery group | dsget -samid" will do) and compare with the list of groups dumped by dumpsec or similar.
              Make sure not to wipe some default/built-in groups though...
              Guy Teverovsky
              "Smith & Wesson - the original point and click interface"

              Comment

              Working...
              X