[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 296
  • Last Modified:

Get admin rights

Hi,

I was asked to chart all administrative permissions in a domain.

- What accounts and groups have administrative permissions
- Chart all the permissions on file shares and subfolders

how to achieve this?

(windows 2008 R2 domain)
0
SvenIA
Asked:
SvenIA
3 Solutions
 
jamaicanbishopCommented:
Take a look at this diagram it outlines admin groups in AD

http://technet.microsoft.com/en-us/library/cc771990.aspx

Otherwise it will be a somewhat manual process unless you have a tool such as Privilege Manager that does reporting on this.
0
 
jmanishbabuCommented:
Chart all the permissions on file shares and subfolders

One could use the previous command to check what permissions a user has on a certain directory.
However, sometimes SHOWACLS from the Windows Server 2003 Resource Kit Tools is a better alternative:

      CD /D d:\directory2check
      SHOWACLS /U:domain\userid

Check all the Commnads here

http://www.robvanderwoude.com/ntadmincommands.php#Cmd05
0
 
McKnifeCommented:
Hi.

> What accounts and groups have administrative permissions
Already wrong question. Correct would be: "What account or group is member of the local admins group at what computer?" and "Which accounts are members of domain admins (which are local admins on any domain-joined computer)?"
To check this, you would need startup (or shutdown-) scripts that execute the following command:
net localgroup administrators >\\server\share\logs\localAdmins\%computername%.txt

Open in new window

> Chart all the permissions on file shares and subfolders
Icacls.exe can be used or accesscheck. First one is part of windows (Vista or later), second can be downloaded at Microsoft.
0
 
SvenIAAuthor Commented:
Thank for the information....
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now