Solved

tool or script to export group memberships and security policies

Posted on 2013-01-17
6
591 Views
Last Modified: 2014-08-02
1) Is there any easy way to export details on all local groups and group memberships into one report on a 2008 server...

i.e
users - member1,2,3
admins -member1, 2, 3
backup operators - member1, 2, 3
power users - member1, 2, 3


2)Also is there anyway to export the exact security policies (local or via a GPO) being applied to the server into a management freindly report. I.e. export the output of RSOP into a freindly readable report without having to do endless screenshots...
0
Comment
Question by:pma111
  • 3
  • 2
6 Comments
 
LVL 10

Accepted Solution

by:
rscottvan earned 500 total points
ID: 38788526
1.  try this:  http://debugge.com/vbs-to-display-all-users-in-active-directory-by-group.db

2. from a command prompt, run gpresult /H c:\temp\policies.html
Then take a look at c:\temp\policies.html
0
 
LVL 3

Author Comment

by:pma111
ID: 38792181
I am not sure 2 is what I am after, RSOP is loads better as it lists the exact settings applied, rather than just the names of the GPO's - not knowing what exactly the policy configures...

http://i.technet.microsoft.com/dynimg/IC43050.gif
0
 
LVL 3

Author Comment

by:pma111
ID: 38792185
And is 1 just listing global groups, not local groups on servers?
0
 
LVL 10

Expert Comment

by:rscottvan
ID: 38793928
Local Groups are easier, try this.

Set colGroups = GetObject("WinNT://.")
colGroups.Filter = Array("group")
For Each objGroup In colGroups
    Wscript.Echo objGroup.Name 
    For Each objUser in objGroup.Members
        Wscript.Echo vbTab & objUser.Name
    Next
Next

Open in new window

0
 
LVL 10

Expert Comment

by:rscottvan
ID: 38793951
The results of the gpresult command should show you all the policy items being applied.  Here's a sample from my local PC.

screenshot of gpresult.htm
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The password reset disk is often mentioned as the best solution to deal with the lost Windows password problem. In Windows 2008, 7, Vista and XP, a password reset disk can be easily created. But besides Windows 7/Vista/XP, Windows Server 2008 and ot…
When you upgrade from Windows 8 to 8.1 or to Windows 10 or if you are like me you are on the Insider Program you may find yourself with many 450MB recovery partitions.  With a traditional disk that may not be a problem but with relatively smaller SS…
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now