Announcement

Collapse
No announcement yet.

Searching out group permissions

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Searching out group permissions

    I have been given an interesting project. We are changing security groups, to a new standard name with new groups. So I need to create new global groups for each department and grant access with them. No problem. Only issue is that My director wants me to eventually remove all of the old groups from AD. (AD is 2003, nothing out of the ordinary)

    So here is my dilema, I am looking for a tool or utility that I can use to search out on servers and shares and see where groups are granted specific access. Is there such a utility? I would rather not search each server manually.

    Thanks in advance.

  • #2
    Re: Searching out group permissions

    Hi

    Try using the srvcheck.exe utility from the Windows 2003 Resource Kit.
    The following link will give you more info: http://msmvps.com/blogs/richardwu/ar...CL_2700_s.aspx

    Hope it helps
    Caesar's cipher - 3

    ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

    SFX JNRS FC U6 MNGR

    Comment


    • #3
      Re: Searching out group permissions

      Thanks for the reply.

      That RK tool will show shares, but it doesnt show NTFS permissions, nor does it show anything other than shares, and I know that folders have permissions explicitly applied to them as well.

      Comment


      • #4
        Re: Searching out group permissions

        Try using DumpSec from http://www.somarsoft.com/

        Comment


        • #5
          Re: Searching out group permissions

          Originally posted by wullieb1 View Post
          Try using DumpSec from http://www.somarsoft.com/
          I'm looking at finding the same info as aschwartz, but most tools I've tried, including dumpsec only give details of the permissions, not of the security of the share.

          We're reviewing all shares for an audit and I wanted to automate the discovery process rather than having to explore all shares manually.

          Looks like it's gonna be a busy week when I do this!

          Comment


          • #6
            Re: Searching out group permissions

            ???
            What do you want, NTFS persmissions (use dumpsec?) or share permissions.
            Marcel
            Technical Consultant
            Netherlands
            http://www.phetios.com
            http://blog.nessus.nl

            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
            "No matter how secure, there is always the human factor."

            "Enjoy life today, tomorrow may never come."
            "If you're going through hell, keep going. ~Winston Churchill"

            Comment


            • #7
              Re: Searching out group permissions

              Originally posted by jacko101 View Post
              Looks like it's gonna be a busy week when I do this!
              By the look of things it could be more like a year>>>>
              Caesar's cipher - 3

              ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

              SFX JNRS FC U6 MNGR

              Comment


              • #8
                Re: Searching out group permissions

                Originally posted by Dumber View Post
                ???
                What do you want, NTFS persmissions (use dumpsec?) or share permissions.
                I want NTFS permissions, but when I run dumpsec it seems to only give me share level permissions.

                I'm running it again now, but it's taking a while.............

                Might sound like a daft question, but should I be running it against the file server that holds all the data and shared folders or the active directory DC?

                Comment


                • #9
                  Re: Searching out group permissions

                  run dumpsec on the server that contains the sec permissions.
                  What do I know, I am only 26.

                  Comment


                  • #10
                    Re: Searching out group permissions

                    Originally posted by GrantThomas View Post
                    run dumpsec on the server that contains the sec permissions.
                    Correct, so on the fileserver
                    Marcel
                    Technical Consultant
                    Netherlands
                    http://www.phetios.com
                    http://blog.nessus.nl

                    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                    "No matter how secure, there is always the human factor."

                    "Enjoy life today, tomorrow may never come."
                    "If you're going through hell, keep going. ~Winston Churchill"

                    Comment


                    • #11
                      Re: Searching out group permissions

                      Originally posted by Dumber View Post
                      Correct, so on the fileserver
                      That's what I figured and what I am trying, however, I don't seem to be getting the results I am after.

                      I tried it on my local workstation first, as I only have a few shares set up there, I have tried the 'Dump permissions for shares' which seems to indicate the one I want. But when I run that it seems to only show share permissions.

                      When I try it on the file server I get the list of shares, but it says 'unprotected (no dacl)' - any idea's?

                      I know the shares do have both share level and security level shares set, am I doing something wrong?

                      Comment


                      • #12
                        Re: Searching out group permissions

                        For testing purposes, open dumpsec on your local machine, then goto REPORT then select "Dump Permissions for File System". That will give you the results you are after.

                        If that is the results you are after put it on your filesvr and do it agian.

                        Thanks
                        What do I know, I am only 26.

                        Comment


                        • #13
                          Re: Searching out group permissions

                          Well there are many tools out there even from Microsoft and from former sysinternals
                          for example:
                          http://www.microsoft.com/downloads/d...displaylang=en
                          http://technet.microsoft.com/en-us/s.../bb545046.aspx

                          Although I think dumpsec is the better one
                          Marcel
                          Technical Consultant
                          Netherlands
                          http://www.phetios.com
                          http://blog.nessus.nl

                          MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                          "No matter how secure, there is always the human factor."

                          "Enjoy life today, tomorrow may never come."
                          "If you're going through hell, keep going. ~Winston Churchill"

                          Comment


                          • #14
                            Re: Searching out group permissions

                            Originally posted by Dumber View Post
                            Well there are many tools out there even from Microsoft and from former sysinternals
                            for example:
                            http://www.microsoft.com/downloads/d...displaylang=en
                            http://technet.microsoft.com/en-us/s.../bb545046.aspx

                            Although I think dumpsec is the better one
                            EFSDUMP is my personal fav..
                            What do I know, I am only 26.

                            Comment

                            Working...
                            X