AD Group Focus

This topic contains 4 replies, has 4 voices, and was last updated by Richard Siddaway 3 years, 8 months ago.

  • #13261

    Darth kitty
    Participant

    Hi! I was trying to think how to do this.
    I inherited a large AD with secure groups.
    I was happy that they were creating shares and then granting access to those shares by creating secure groups and giving the secure groups access to those shares.
    The problem is no one documented what group went with what share.

    Example: I have group FS_TXSales_Client_R, so somewhere out there is a file share, \\server\TXSales\client, that has given read access to the FS_TXSales_Client_R group.

    In PowerShell, is there a way to track from the group name what its share focus is?

    Thank you, John

  • #13267

    Dave Wyatt
    Moderator

    There's no central list that tells you what a group has been granted permissions to; you'd have to scan every securable object (file, folder, share, registry key, AD objects, etc.) to find that out. Your naming convention probably makes it quite a bit easier to figure out what the group's intended use was, though that's no guarantee that people haven't used it in other places as well.

    Check out the AccessEnum utility, for a start.

  • #13297

    Darth kitty
    Participant

    Thanks Dave

  • #13298

    Klaas
    Participant

    Maybe the NTFSsecurity module is useful:

    https://ntfssecurity.codeplex.com/

  • #13303

    Richard Siddaway
    Moderator

    In Windows all permissions are held on the object rather than the group or user. This was a deliberate decision in the early days of Windows NT. At the time it was a differentiator from Novell and met the requirements of the US Government.
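
Because the permissions live on the objects, as the replies above explain, mapping a group to its shares means reading the ACLs on each file server. The following is an added example, not part of any post in this thread: it reports every share permission and every explicit NTFS entry that names a given group. The function name `Find-GroupAccess`, the default scan depth and the host name `server` (taken from the question's example path) are assumptions.

```powershell
# Added example. Requires the SmbShare module (Windows 8 / Server 2012 or later)
# and PowerShell 5+ for Get-ChildItem -Depth. Run with rights to read the ACLs.
function Find-GroupAccess {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $GroupName,     # sAMAccountName of the group
        [Parameter(Mandatory)] [string[]] $ComputerName,  # file servers to scan
        [int] $Depth = 2                                  # folder levels below each share root
    )
    # Matches 'DOMAIN\Group' as well as a bare 'Group'
    $pattern = '(^|\\)' + [regex]::Escape($GroupName) + '$'

    foreach ($server in $ComputerName) {
        # -Special $false leaves out the administrative shares (C$, ADMIN$, IPC$)
        foreach ($share in Get-SmbShare -CimSession $server -Special $false) {
            $unc = "\\$server\$($share.Name)"

            # Layer 1: permissions on the share itself
            Get-SmbShareAccess -CimSession $server -Name $share.Name |
                Where-Object { $_.AccountName -match $pattern } |
                ForEach-Object {
                    [pscustomobject]@{ Path = $unc; Layer = 'Share'
                        Rights = $_.AccessRight; Type = $_.AccessControlType }
                }

            # Layer 2: NTFS ACLs on the share root and the folders below it
            $folders = @($unc) + @(
                Get-ChildItem -LiteralPath $unc -Directory -Recurse -Depth $Depth -ErrorAction SilentlyContinue |
                    ForEach-Object FullName)
            foreach ($folder in $folders) {
                $acl = Get-Acl -LiteralPath $folder -ErrorAction SilentlyContinue
                if (-not $acl) { continue }   # unreadable folder: skip, do not guess
                # Explicit ACEs only; inherited copies just repeat the parent's entry
                $acl.Access |
                    Where-Object { -not $_.IsInherited -and
                                   $_.IdentityReference.Value -match $pattern } |
                    ForEach-Object {
                        [pscustomobject]@{ Path = $folder; Layer = 'NTFS'
                            Rights = $_.FileSystemRights; Type = $_.AccessControlType }
                    }
            }
        }
    }
}

# 'server' is the placeholder host from the question; replace with real file servers.
Find-GroupAccess -GroupName 'FS_TXSales_Client_R' -ComputerName 'server' |
    Format-Table -AutoSize
```

Rows whose path does not fit the group's naming convention show where the group has been reused beyond its intended share. Folders deeper than `-Depth` are not inspected, so raise it when explicit permissions are set further down the tree.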
