?
Solved

Get admin rights

Posted on 2013-06-19
4
Medium Priority
?
291 Views
Last Modified: 2013-06-24
Hi,

I was asked to chart all administrative permissions in a domain.

- What accounts and groups have administrative permissions
- Chart all the permissions on file shares and subfolders

how to achieve this?

(windows 2008 R2 domain)
0
Comment
Question by:SvenIA
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 1

Accepted Solution

by:
jamaicanbishop earned 668 total points
ID: 39260449
Take a look at this diagram it outlines admin groups in AD

http://technet.microsoft.com/en-us/library/cc771990.aspx

Otherwise it will be a somewhat manual process unless you have a tool such as Privilege Manager that does reporting on this.
0
 
LVL 10

Assisted Solution

by:jmanishbabu
jmanishbabu earned 668 total points
ID: 39261589
Chart all the permissions on file shares and subfolders

One could use the previous command to check what permissions a user has on a certain directory.
However, sometimes SHOWACLS from the Windows Server 2003 Resource Kit Tools is a better alternative:

      CD /D d:\directory2check
      SHOWACLS /U:domain\userid

Check all the Commnads here

http://www.robvanderwoude.com/ntadmincommands.php#Cmd05
0
 
LVL 56

Assisted Solution

by:McKnife
McKnife earned 664 total points
ID: 39261742
Hi.

> What accounts and groups have administrative permissions
Already wrong question. Correct would be: "What account or group is member of the local admins group at what computer?" and "Which accounts are members of domain admins (which are local admins on any domain-joined computer)?"
To check this, you would need startup (or shutdown-) scripts that execute the following command:
net localgroup administrators >\\server\share\logs\localAdmins\%computername%.txt

Open in new window

> Chart all the permissions on file shares and subfolders
Icacls.exe can be used or accesscheck. First one is part of windows (Vista or later), second can be downloaded at Microsoft.
0
 
LVL 7

Author Closing Comment

by:SvenIA
ID: 39270765
Thank for the information....
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question