New Friend (or an Old Friend who Built a New Account)
Registered: 1501005838 Posts: 35
Reply with quote #1
Is it possible for a for a script to write for a group in our Domain to see what the group has access to? Example group called BS has read only to share drive A and Read Write to share drive B.
I am new to PowerShell just know enough to dangerous. Regards, Charles
Registered: 1454887308 Posts: 584
Reply with quote #2
Why is a script needed? There are various group policy commands that should tell you that.
Registered: 1451582051 Posts: 229
Reply with quote #3
There is no good solution for this because AD does not (cannot) track where a group has been used to set permissions. The best you can do is search where you have suspicions, like NTFS permissions on a specific file servers.
If you script this, please realize that the group may have been nested into something else. __________________ [MSFT]; Blog: https://blogs.technet.microsoft.com/389thoughts/
Registered: 1451592353 Posts: 268
Reply with quote #4
What Willem said. There are tools like DocuSnap or Varonis that analyse and document these things but running them on a large infrastructure (i.e. if you need a complete disclosure) can literally take weeks.
__________________ Evgenij Smirnov My personal blog (German): http://www.it-pro-berlin.de/ My stuff on PSGallery: https://www.powershellgallery.com/profiles/it-pro-berlin.de/