Access Required to Read Windows Server 2012 Security Settings and User Permissions

I want to create a service account that can connect to a Windows Server 2012 operating system and read the following:

- Users' permissions (Read, Write, etc.) to certain directories - not just for the service account but for ALL users;

- Log on settings like Password Length, Password Complexity, and Maximum Logon Failures.

It is really important for this service account to have as little access to change, delete, or create data as possible.  Ideally, It would be Read access.

What is the minimum access permissions the service account will need to be able to do this?

I am obviously not a Windows expert.  If the service account needs to be an Admin to do this, is there some way to restrict the access of an Admin account to disable its ability to change, delete, and create data on the Windows Server 2012 operating system
humbleamateurAsked:
Who is Participating?
 
MaheshConnect With a Mentor ArchitectCommented:
are you using active directory?

If yes, you can get password complexity and length details from default domain policy (group policy)

If your server is workgroup server, not you can implement local security policy for password settings above

To read the permissions on all directories, you can export file \ folder permissions for analysis
for that you don't need special account, your admin can generate that report and provide to auditor guy

There are number of tools available on internet to export file \ folders security
Like, http://cjwdev.co.uk/Software/NtfsReports/Info.html
https://mywinsysadm.wordpress.com/2011/08/17/powershell-reporting-ntfs-permissions-of-windows-file-shares/

You may use Microsoft SubinACL tool also
https://blogs.technet.microsoft.com/justinturner/2009/02/26/quick-tip-back-up-your-ntfs-security-permissions/
0
 
humbleamateurAuthor Commented:
Thanks so much!!!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.