
How to discover where security groups are applied

How do I determine what folders a security group is applied to?  I know the group, I know the members of the group, but I don't know where the group is applied.

I have a 2003 active directory network.
Asked by: NFCC
LauraEHunterMVP Commented:
This is a common question with a not-so-simple answer.  Because Active Directory uses Discretionary Access Control Lists, a security group can be put into use to secure any resource anywhere on your network, including within AD as well as resources on a file server.

You can view permissions within Active Directory using the dsrevoke.exe command-line tool (free download, Google for the most current link), or cacls.exe to view permissions that have been assigned to one or more file systems (cacls is also a free download.)

If you have a lot of servers and/or a somewhat forgiving userbase, the simplest way to determine where a security group is in use is to convert it to a distribution group and then sit back and see who complains that they can't access XYZ resource anymore.
CoccoBill Commented:
Yup, unfortunately you'll either have to go through each and every resource manually, or use some 3rd party resource audit/inventory tool. There are some free ones also, try WinAudit: http://www.pxserver.com/WinAudit.htm
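The per-resource walk that both answers describe can be scripted for NTFS folders. The following is an added example, not part of the original thread or any tool named in it; the function name `Find-GroupAcl`, the group `CONTOSO\Finance-RW` and the path `\\fileserver01\shares` are placeholder assumptions.

```powershell
# Added example: list every folder whose NTFS ACL names a given security group.
# Find-GroupAcl, CONTOSO\Finance-RW and \\fileserver01\shares are placeholders.
function Find-GroupAcl {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $Group,   # DOMAIN\GroupName
        [Parameter(Mandatory)] [string[]] $Root,    # folder trees to scan
        [switch] $IncludeInherited                  # also list inherited ACEs
    )

    # Match on SID rather than display name, so a renamed group still matches.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $sid     = ([System.Security.Principal.NTAccount]$Group).Translate($sidType)

    foreach ($r in $Root) {
        # The root itself plus every subfolder, hidden ones included.
        $dirs = @(Get-Item -LiteralPath $r) +
                @(Get-ChildItem -LiteralPath $r -Directory -Recurse -Force -ErrorAction SilentlyContinue)

        foreach ($dir in $dirs) {
            try {
                $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction Stop
            } catch {
                # An unreadable ACL is an audit gap, so report it instead of hiding it.
                [pscustomobject]@{ Path = $dir.FullName; Rights = 'ACL UNREADABLE'
                                   Type = $null; Inherited = $null }
                continue
            }

            # First argument: explicit ACEs. Second: inherited ACEs, only on request.
            $rules = $acl.GetAccessRules($true, [bool]$IncludeInherited, $sidType)
            foreach ($rule in $rules) {
                if ($rule.IdentityReference.Value -eq $sid.Value) {
                    [pscustomobject]@{
                        Path      = $dir.FullName
                        Rights    = $rule.FileSystemRights
                        Type      = $rule.AccessControlType   # Allow or Deny
                        Inherited = $rule.IsInherited
                    }
                }
            }
        }
    }
}

# Example call (placeholder values):
# Find-GroupAcl -Group 'CONTOSO\Finance-RW' -Root '\\fileserver01\shares' |
#     Export-Csv .\group-acl-report.csv -NoTypeInformation
```

The `-Directory` switch needs PowerShell 3.0 or later, so run this from a management workstation against the servers' shares. It reports NTFS entries only: share-level permissions and permissions on Active Directory objects are not covered, and neither is access the group gains through membership in other groups.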
