Group permissions help
Group permissions help
We are currently switching over to a global domain and in the process we have to validate all of our groups in AD. I came across a group that has 50 or so people in it but I cant seem to find what the group controls. The group has no description and the members dont give any clues as to what it was for. Does anyone know a way to search the network for what this group possibly controls? I tried the obvious of removing a few people to see if anything changed for them and nothing seemed to change but I cant risk just removing everyone and seeing what happens.
You could try something like:
cacls *.* /s > foo.txt
Then filter the output using find:
find "Group Name" foo.txt
perl would be a better tool.. since DOS find kinda sucks feature wise.
Certainly cacls will show you if the group is used on the file system level, I don't know of a similar tool for share permissions, but hopefully that's manually searchable?
cacls *.* /s > foo.txt
Then filter the output using find:
find "Group Name" foo.txt
perl would be a better tool.. since DOS find kinda sucks feature wise.
Certainly cacls will show you if the group is used on the file system level, I don't know of a similar tool for share permissions, but hopefully that's manually searchable?
May 2003 - "Mission Accomplished"
June 2005 - "The mission isn't easy, and it will not be accomplished overnight"
-- G W Bush, freelance writer for The Daily Show.
June 2005 - "The mission isn't easy, and it will not be accomplished overnight"
-- G W Bush, freelance writer for The Daily Show.
-
Animalor
- Super Poster!
- Posts: 5902
- Joined: July 8, 2002, 12:03 pm
- Gender: Male
- XBL Gamertag: Anirask
- PSN ID: Anirask
- Location: Canada
Re: Group permissions help
This is one of the problems with AD. Once you give a group control to a ressource, there's no way(that I know of) to backtrack what the group controls.sarlen wrote:We are currently switching over to a global domain and in the process we have to validate all of our groups in AD. I came across a group that has 50 or so people in it but I cant seem to find what the group controls. The group has no description and the members dont give any clues as to what it was for. Does anyone know a way to search the network for what this group possibly controls? I tried the obvious of removing a few people to see if anything changed for them and nothing seemed to change but I cant risk just removing everyone and seeing what happens.
I found a tool that looks like it will pull the info I need http://www.systemtools.com/hyena/index.html not sure if its exactly what im looking for but gona give it a try.