Get admin rights

Hi,

I was asked to chart all administrative permissions in a domain.

- What accounts and groups have administrative permissions
- Chart all the permissions on file shares and subfolders

how to achieve this?

(windows 2008 R2 domain)
LVL 7
SvenIAAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
jamaicanbishopConnect With a Mentor Commented:
Take a look at this diagram it outlines admin groups in AD

http://technet.microsoft.com/en-us/library/cc771990.aspx

Otherwise it will be a somewhat manual process unless you have a tool such as Privilege Manager that does reporting on this.
0
 
jmanishbabuConnect With a Mentor Commented:
Chart all the permissions on file shares and subfolders

One could use the previous command to check what permissions a user has on a certain directory.
However, sometimes SHOWACLS from the Windows Server 2003 Resource Kit Tools is a better alternative:

      CD /D d:\directory2check
      SHOWACLS /U:domain\userid

Check all the Commnads here

http://www.robvanderwoude.com/ntadmincommands.php#Cmd05
0
 
McKnifeConnect With a Mentor Commented:
Hi.

> What accounts and groups have administrative permissions
Already wrong question. Correct would be: "What account or group is member of the local admins group at what computer?" and "Which accounts are members of domain admins (which are local admins on any domain-joined computer)?"
To check this, you would need startup (or shutdown-) scripts that execute the following command:
net localgroup administrators >\\server\share\logs\localAdmins\%computername%.txt

Open in new window

> Chart all the permissions on file shares and subfolders
Icacls.exe can be used or accesscheck. First one is part of windows (Vista or later), second can be downloaded at Microsoft.
0
 
SvenIAAuthor Commented:
Thank for the information....
0
All Courses

From novice to tech pro — start learning today.