AD Group Properties

Welcome Forums General PowerShell Q&A AD Group Properties

  • This topic has 2 replies, 3 voices, and was last updated 1 year ago by
    Participant
    .
Viewing 2 reply threads
  • Author
    Posts
    • #163599
      Participant
      Topics: 1
      Replies: 0
      Points: 11
      Rank: Member

      I need to analyze what specific groups can or cannot do, especially, which system they can access. Is there a why for me to run a script that shows me what a group can do? I don’t mind doing a visual comparison, since there aren’t too many groups. I just need the ability to display their capabilities.

       

      Thanks.

    • #163614
      Participant
      Topics: 5
      Replies: 2368
      Points: 5,987
      Helping Hand
      Rank: Community MVP

      Is there a why for me to run a script that shows me what a group can do?

      No. You would need to check all resources where those groups got granted access to.

    • #163620
      Participant
      Topics: 2
      Replies: 24
      Points: 87
      Helping Hand
      Rank: Member

      Olaf is right. Rights and permissions are assigned to resources, not to security principles (like groups and accounts). Keeping in control in a Windows environment is normally done through group policies.

      A deviation of that model is role based access control (RBAC), but since you imply talking about access to all your systems that won’t be your solution either.

      To complicate matters even further there is also something like Dynamic Access Control, making a static overview of rights and permissions meaningless.

Viewing 2 reply threads
  • The topic ‘AD Group Properties’ is closed to new replies.