Solved

Look up which servers each user on a domain can access

Posted on 2009-04-09
7
278 Views
Last Modified: 2013-12-24
To be more specific, I have a list of developrs in my company. I need to know which servers each developer (user) has access to on the domain(s) and what type of access they have on the server. I need to know if they have access based on a security group in their AD profile and if they have access because they have been added individually.

I am thinking that I need to search the local groups on every server on the domain(s) for the user's AD account and for a security group in the user's AD account. I have never heard of this and I want some suggestions on how to do this. Please keep in mind that I am very new to this type of work. If you suggest scripting, I have only taught myself VBScript and I am still new to it. Also, if you suggest an application, please keep the price in mind. Now, I understand there may be some better options than VBScripting or using another vendor. Although I am hesitant, I am willing to look into those options as well.
0
Comment
Question by:reason4xistence
  • 3
  • 2
7 Comments
 
LVL 17

Expert Comment

by:Nik
Comment Utility
It can be really hard to found that out if you don't have any documentation for your file/system access.
How many servers are we talking about?

You can connect via Computer Management (right click on my computer --> connect to another PC) and check the local users that way.

You should also check AD group membership for each user and see their access levels to various folders.

As I said, it's a bit messy if you haven't documented this at start.
0
 

Author Comment

by:reason4xistence
Comment Utility
Yikes! That was not what I was hoping to hear. I am talking about hundreds of servers and thousands of security groups. If I could start creating documentation that would be great. But documentation was not done at the start. This is an impossible task to do manually as you suggested because of the volume of servers and security groups. I was hoping an application was already created to do this task.
0
 
LVL 17

Expert Comment

by:Nik
Comment Utility
It is probably possible to do it via VB script, but unfortunately I can't help you with that.
We have around 30 domain controllers and every single folder access is documented.
I wish I can help you more bud, 'cause this is a really big task to do :(

I'll try to google and ask my colleagues for any ideas..
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:reason4xistence
Comment Utility
Thanks!
0
 
LVL 2

Accepted Solution

by:
Curtiss earned 500 total points
Comment Utility
check out a product called Hyena; i think sysinterals makes it? pretty robust tool for exporting local groups, domain groups, share and folder permissions, etc.
0
 

Author Comment

by:reason4xistence
Comment Utility
I will look into Hyena. Thanks.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Read about achieving the basic levels of HRIS security in the workplace.
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
Video by: Steve
Using examples as well as descriptions, step through each of the common simple join types, explaining differences in syntax, differences in expected outputs and showing how the queries run along with the actual outputs based upon a simple set of dem…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now