- NEW!
by C-Phil on September 25th, 2009
Trying to determine what permissions a particular group or user has. The user is changing jobs and undoubtedly has access to files/folders that are no longer appropriate.
by HasntBeen on September 25th, 2009
There's no easy way to do that. The problem is that you would have to enumerate all resources on all hosts, checking their ACLs (Access Control Lists) against the security token for the user. That would be an enormously long undertaking -- not really practical if you're planning to do it for all users.
What problem are you trying to solve?
Get Certified with testkiller.me?
by mshahid.anwer on November 23rd, 2011
| 1 person likes this
3 questions about webcomic making
by Hager_A on November 24th, 2011
| 1 person likes this
Can you text without using your thumbs?
by HoboJoe on November 22nd, 2011
| 1 person likes this
how to convert microsoft word document to jpeg
by misblue on November 10th, 2011
| 1 person likes this
is any one here a real network administrator?
by THENETWORKA on November 29th, 2011
| 1 person likes this
You're reading In Active Directory, is it possible to determine all the resources a user or group has access to, either on a particular machine or on the entire network?
Your favorite Q&A site is on Facebook! Become a fan to connect with the ever-growing community of Answerbaggers, share your thoughts and find out what Answerbag's up to next!
Comments
Was this supposed to be a comment?
You can certainly see what groups the user belongs to in AD. If your network is well structured and maintained, that will tell you what resources he has access to. Of course, it's a lot of work to structure and maintain a network so that this is easy... if that work has not been done then you do have a problem.
by HasntBeen on September 25th, 2009
Yes, I suppose it was meant to be a comment. I'm new to Answerbag.
I'm afraid our network is not so nicely structured. We do have users in groups, but the groups may have access to many folders and I'm afraid we haven't kept track as well as we should have. I was hoping this information was stored in something like a database that could be queried from different angles.
by C-Phil on September 25th, 2009
Sorry. You have remedial work to do... figuring out what resources should be available to which groups and then going around and changing the ACLs on those resources to enforce the policy. It's a big job if that's been going on a long time, typically.
by HasntBeen on September 25th, 2009
Flashing back many years, we used Netware NOS. There was a utility that provided the information I'm seeking. It's about the only feature of Netware I preferred to Windows.
by C-Phil on September 27th, 2009