AD Group Properties

Welcome Forums General PowerShell Q&A AD Group Properties

This topic contains 2 replies, has 3 voices, and was last updated by

 
Participant
2 months, 3 weeks ago.

  • Author
    Posts
  • #163599

    Participant
    Topics: 1
    Replies: 0
    Points: 11
    Rank: Member

    I need to analyze what specific groups can or cannot do, especially, which system they can access. Is there a why for me to run a script that shows me what a group can do? I don't mind doing a visual comparison, since there aren't too many groups. I just need the ability to display their capabilities.

     

    Thanks.

  • #163614

    Participant
    Topics: 1
    Replies: 1530
    Points: 2,591
    Helping Hand
    Rank: Community Hero

    Is there a why for me to run a script that shows me what a group can do?

    No. You would need to check all resources where those groups got granted access to.

  • #163620

    Participant
    Topics: 1
    Replies: 15
    Points: 34
    Rank: Member

    Olaf is right. Rights and permissions are assigned to resources, not to security principles (like groups and accounts). Keeping in control in a Windows environment is normally done through group policies.

    A deviation of that model is role based access control (RBAC), but since you imply talking about access to all your systems that won't be your solution either.

    To complicate matters even further there is also something like Dynamic Access Control, making a static overview of rights and permissions meaningless.

You must be logged in to reply to this topic.