Solved

Get admin rights

Posted on 2013-06-19
4
284 Views
Last Modified: 2013-06-24
Hi,

I was asked to chart all administrative permissions in a domain.

- What accounts and groups have administrative permissions
- Chart all the permissions on file shares and subfolders

how to achieve this?

(windows 2008 R2 domain)
0
Comment
Question by:SvenIA
4 Comments
 
LVL 1

Accepted Solution

by:
jamaicanbishop earned 167 total points
Comment Utility
Take a look at this diagram it outlines admin groups in AD

http://technet.microsoft.com/en-us/library/cc771990.aspx

Otherwise it will be a somewhat manual process unless you have a tool such as Privilege Manager that does reporting on this.
0
 
LVL 10

Assisted Solution

by:jmanishbabu
jmanishbabu earned 167 total points
Comment Utility
Chart all the permissions on file shares and subfolders

One could use the previous command to check what permissions a user has on a certain directory.
However, sometimes SHOWACLS from the Windows Server 2003 Resource Kit Tools is a better alternative:

      CD /D d:\directory2check
      SHOWACLS /U:domain\userid

Check all the Commnads here

http://www.robvanderwoude.com/ntadmincommands.php#Cmd05
0
 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 166 total points
Comment Utility
Hi.

> What accounts and groups have administrative permissions
Already wrong question. Correct would be: "What account or group is member of the local admins group at what computer?" and "Which accounts are members of domain admins (which are local admins on any domain-joined computer)?"
To check this, you would need startup (or shutdown-) scripts that execute the following command:
net localgroup administrators >\\server\share\logs\localAdmins\%computername%.txt

Open in new window

> Chart all the permissions on file shares and subfolders
Icacls.exe can be used or accesscheck. First one is part of windows (Vista or later), second can be downloaded at Microsoft.
0
 
LVL 7

Author Closing Comment

by:SvenIA
Comment Utility
Thank for the information....
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now