Solved

Active Directory Security Groups

Posted on 2014-01-21
3
294 Views
Last Modified: 2014-01-21
I have found some security groups that do not have a description on them and I am trying to figure out what some of these older ones are for. Is there a way to tell where those security groups are applied? Perhaps a powershell command or something?
I think the majority of the ones I'm looking at would give a user access to a server or PC and not so much to file shares. I just want to get this documented of who has access to what and be able to remove them if they aren't being used.


Thanks in advance.
0
Comment
Question by:Winsoup
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 23

Expert Comment

by:Patrick Bogers
ID: 39798089
Hopefully you havent got to many servers in your organisation because IMHO you need to check server by server by hand.

If best practice has been obtained you probably only need to look at the local groups on member server and check where those Global Groups are member. Once you have mapped the servers and their Local Groups HOPEFULLY there is a descryption there because else you have to go manually through all the files and folders. Wish i could be more 'nice' to you.
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 39798126
You can use AccessEnum, ShareEnum and AccessChk to get the information...See links below for downloads...

AccessChk

AccessEnum

ShareEnum

Will.
0
 
LVL 3

Author Closing Comment

by:Winsoup
ID: 39798307
Accesschk seems to be working pretty well. Thank you.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

687 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question