Solved

tool or script to export group memberships and security policies

Posted on 2013-01-17
6
590 Views
Last Modified: 2014-08-02
1) Is there any easy way to export details on all local groups and group memberships into one report on a 2008 server...

i.e
users - member1,2,3
admins -member1, 2, 3
backup operators - member1, 2, 3
power users - member1, 2, 3


2)Also is there anyway to export the exact security policies (local or via a GPO) being applied to the server into a management freindly report. I.e. export the output of RSOP into a freindly readable report without having to do endless screenshots...
0
Comment
Question by:pma111
  • 3
  • 2
6 Comments
 
LVL 10

Accepted Solution

by:
rscottvan earned 500 total points
Comment Utility
1.  try this:  http://debugge.com/vbs-to-display-all-users-in-active-directory-by-group.db

2. from a command prompt, run gpresult /H c:\temp\policies.html
Then take a look at c:\temp\policies.html
0
 
LVL 3

Author Comment

by:pma111
Comment Utility
I am not sure 2 is what I am after, RSOP is loads better as it lists the exact settings applied, rather than just the names of the GPO's - not knowing what exactly the policy configures...

http://i.technet.microsoft.com/dynimg/IC43050.gif
0
 
LVL 3

Author Comment

by:pma111
Comment Utility
And is 1 just listing global groups, not local groups on servers?
0
 
LVL 10

Expert Comment

by:rscottvan
Comment Utility
Local Groups are easier, try this.

Set colGroups = GetObject("WinNT://.")
colGroups.Filter = Array("group")
For Each objGroup In colGroups
    Wscript.Echo objGroup.Name 
    For Each objUser in objGroup.Members
        Wscript.Echo vbTab & objUser.Name
    Next
Next

Open in new window

0
 
LVL 10

Expert Comment

by:rscottvan
Comment Utility
The results of the gpresult command should show you all the policy items being applied.  Here's a sample from my local PC.

screenshot of gpresult.htm
0

Featured Post

Too many email signature updates to deal with?

Do you feel like you are taking up all of your time constantly visiting users’ desks to make changes to email signatures? Wish you could manage all signatures from one central location, easily design them and deploy them quickly to users? Well, there is an easy way!

Join & Write a Comment

I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now