Mark Minasi's Tech Forum
Sign up Calendar Latest Topics
 
 
 


Reply
  Author   Comment  
charlesnm

New Friend (or an Old Friend who Built a New Account)
Registered:
Posts: 43
Reply with quote  #1 
Is it possible for a for a script to write for a group in our Domain to see what the group has access to?  Example group called BS has read only to share drive A and Read Write to share drive B.

I am new to PowerShell just know enough to dangerous.


Regards,

Charles
0
donoli

Senior Member
Registered:
Posts: 598
Reply with quote  #2 
Why is a script needed?  There are various group policy commands that should tell you that.
0
wkasdo

Avatar / Picture

Administrator
Registered:
Posts: 237
Reply with quote  #3 
There is no good solution for this because AD does not (cannot) track where a group has been used to set permissions. The best you can do is search where you have suspicions, like NTFS permissions on a specific file servers.

If you script this, please realize that the group may have been nested into something else.

__________________
[MSFT]; Blog: https://blogs.technet.microsoft.com/389thoughts/
0
cj_berlin

Avatar / Picture

Senior Member
Registered:
Posts: 300
Reply with quote  #4 
What Willem said. There are tools like DocuSnap or Varonis that analyse and document these things but running them on a large infrastructure (i.e. if you need a complete disclosure) can literally take weeks.
__________________
Evgenij Smirnov

My personal blog (German): http://www.it-pro-berlin.de/
My stuff on PSGallery: https://www.powershellgallery.com/profiles/it-pro-berlin.de/
0
Previous Topic | Next Topic
Print
Reply

Quick Navigation:

Easily create a Forum Website with Website Toolbox.