Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Look up which servers each user on a domain can access

Posted on 2009-04-09
7
Medium Priority
?
286 Views
Last Modified: 2013-12-24
To be more specific, I have a list of developrs in my company. I need to know which servers each developer (user) has access to on the domain(s) and what type of access they have on the server. I need to know if they have access based on a security group in their AD profile and if they have access because they have been added individually.

I am thinking that I need to search the local groups on every server on the domain(s) for the user's AD account and for a security group in the user's AD account. I have never heard of this and I want some suggestions on how to do this. Please keep in mind that I am very new to this type of work. If you suggest scripting, I have only taught myself VBScript and I am still new to it. Also, if you suggest an application, please keep the price in mind. Now, I understand there may be some better options than VBScripting or using another vendor. Although I am hesitant, I am willing to look into those options as well.
0
Comment
Question by:reason4xistence
  • 3
  • 2
7 Comments
 
LVL 17

Expert Comment

by:Nik
ID: 24109816
It can be really hard to found that out if you don't have any documentation for your file/system access.
How many servers are we talking about?

You can connect via Computer Management (right click on my computer --> connect to another PC) and check the local users that way.

You should also check AD group membership for each user and see their access levels to various folders.

As I said, it's a bit messy if you haven't documented this at start.
0
 

Author Comment

by:reason4xistence
ID: 24109876
Yikes! That was not what I was hoping to hear. I am talking about hundreds of servers and thousands of security groups. If I could start creating documentation that would be great. But documentation was not done at the start. This is an impossible task to do manually as you suggested because of the volume of servers and security groups. I was hoping an application was already created to do this task.
0
 
LVL 17

Expert Comment

by:Nik
ID: 24109905
It is probably possible to do it via VB script, but unfortunately I can't help you with that.
We have around 30 domain controllers and every single folder access is documented.
I wish I can help you more bud, 'cause this is a really big task to do :(

I'll try to google and ask my colleagues for any ideas..
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Author Comment

by:reason4xistence
ID: 24110090
Thanks!
0
 
LVL 2

Accepted Solution

by:
Curtiss earned 2000 total points
ID: 24120863
check out a product called Hyena; i think sysinterals makes it? pretty robust tool for exporting local groups, domain groups, share and folder permissions, etc.
0
 

Author Comment

by:reason4xistence
ID: 24196857
I will look into Hyena. Thanks.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question