Solved

LDAP query for Security group NTFS permissions

Posted on 2009-04-15
3
1,059 Views
Last Modified: 2012-05-06
We currently have 1 domain running server 2003. Is there i way i can query a security group and it's permissions to all folder within the domain?
0
Comment
Question by:derekjr
  • 2
3 Comments
 
LVL 83

Expert Comment

by:oBdA
ID: 24147400
LDAP is just the directory service for your AD; it does neither know nor care about where the groups and users have permissions.
To create more or less concise reports for security, try one of these:
SystemTools/Somarsoft (my favorite tool):
* DumpSec (http://www.systemtools.com/somarsoft)
Or these tools from Sysinternals:
* AccessEnum (http://technet.microsoft.com/en-us/sysinternals/bb897332.aspx)
* AccessChk (http://technet.microsoft.com/en-us/sysinternals/bb664922.aspx)
* ShareEnum (http://technet.microsoft.com/en-us/sysinternals/bb897442.aspx)
Or this one from Scriptlogic:
* Security Explorer (http://www.scriptlogic.com/products/securityexplorer/)
0
 

Author Comment

by:derekjr
ID: 24148689
So i would have to run DumpSec on every file server we have?

0
 
LVL 83

Accepted Solution

by:
oBdA earned 500 total points
ID: 24148911
Yes; NTFS, share, and other permissions are always a part of the host on which the share resides.
0

Featured Post

[Webinar] Disaster Recovery and Cloud Management

Learn from Unigma and CloudBerry industry veterans which providers are best for certain use cases and how to lower cloud costs, how to grow your Managed Services practice in IaaS clouds, and how to utilize public cloud for Disaster Recovery

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now