AD Group Focus

This topic contains 4 replies, has 4 voices, and was last updated by Profile photo of Richard Siddaway Richard Siddaway 3 years, 2 months ago.

  • Author
    Posts
  • #13261
    Profile photo of Darth kitty
    Darth kitty
    Participant

    HI! I was trying to think how to do this.
    I inherited a large AD with secure groups
    I was happy that they were creating Shares and then granting access to those shares by creating secure groups and giving the secure groups access to those shares.
    the problem is no one documented what group went with what share

    example: I have group FS_TXSales_Client_R so somewhere out there is a file share: \\server\TXSales\client that has given read access to FS_TXSales_Client_R group

    in PowerShell is there a way to track from the group name what it's share focus is?

    thank you John

  • #13267
    Profile photo of Dave Wyatt
    Dave Wyatt
    Moderator

    There's no central list that tells you what a group has been granted permissions to; you'd have to scan every securable object (file, folder, share, registry key, AD objects, etc) to find that out. Your naming convention probably makes it quite a bit easier to figure out what the group's intended use was, though that's no guarantee that people haven't used it in other places as well.

    Check out the AccessEnum utility, for a start.

  • #13297
    Profile photo of Darth kitty
    Darth kitty
    Participant

    Thanks Dave

  • #13298
    Profile photo of Klaas
    Klaas
    Participant

    Maybe the NTFSsecurity module is useful:

    https://ntfssecurity.codeplex.com/

  • #13303
    Profile photo of Richard Siddaway
    Richard Siddaway
    Moderator

    In a Windows all permissions are held on the object rather than the group or user. This was a deliberate decision in the early days of Windows NT. At the time it was a differentiator from Novell and met the requirements of the US Government.

You must be logged in to reply to this topic.