Report current security in AD

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

can someone recomment a tool that I could use that would scan the current
users and computers enviroment and tell me who had access to what OU with out
enabling logining in windows 2003

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Sounds like you want something equivalent to Cacls.exe
(for file permissions) for use in AD?

Maybe DsAcls.exe from the Support Tools would suffice....

--
Herb Martin


"kahlan" <kahlan@discussions.microsoft.com> wrote in message
news:ABA66B7C-8BF7-407C-A293-3670196D9C3D@microsoft.com...
> can someone recomment a tool that I could use that would scan the current
> users and computers enviroment and tell me who had access to what OU with
out
> enabling logining in windows 2003

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

I don't see how this is possible.

I would say the solution is to enable auditing and then purchase a tool that
reports on audit logs.

I use HP OpenView Operations for Windows (HP OVOW) to pull events from the
event log and notify people. You can also achieve this with a scheduled
script. You just need to know what you're looking for.

GFI have a tool that reports on event logs. Not sure, but this may be what
you're after.

--

Unless you mean who has access. In which case ACLDIAG and DSACLS may help.

--

Paul Williams

http://www.msresource.net
http://forums.msresource.net


"kahlan" <kahlan@discussions.microsoft.com> wrote in message
news:ABA66B7C-8BF7-407C-A293-3670196D9C3D@microsoft.com...
can someone recomment a tool that I could use that would scan the current
users and computers enviroment and tell me who had access to what OU with
out
enabling logining in windows 2003