How can I display User groups and priviledges?
Last response: in Windows 2000/NT
Archived from groups: microsoft.public.win2000.active_directory (More info?)
Hi, I needs to somehow show all users and what groups and priviledges they
have. This is for our auditors. We somehow need to quickly show them that
we know users out of the IT team can't delegate control, add users to AD etc.
Is this possible? Or do you know of a 3rd party tool that can do this?
Thanks
S
Hi, I needs to somehow show all users and what groups and priviledges they
have. This is for our auditors. We somehow need to quickly show them that
we know users out of the IT team can't delegate control, add users to AD etc.
Is this possible? Or do you know of a 3rd party tool that can do this?
Thanks
S
More about : display user groups priviledges
Archived from groups: microsoft.public.win2000.active_directory (More info?)
"SW" <SW@discussions.microsoft.com> wrote in message
news:2385F2AD-9C98-43A3-8D0A-9CF5AEED3EBE@microsoft.com...
> Hi, I needs to somehow show all users and what groups and priviledges they
> have. This is for our auditors. We somehow need to quickly show them
that
> we know users out of the IT team can't delegate control, add users to AD
etc.
>
> Is this possible? Or do you know of a 3rd party tool that can do this?
Not really. (But there are likely 3rd party tools to approximate the task.)
"Privileges" come in several categories and it depends on what you mean
by that but many people would mean "permissions on files" or permissions
on other objects.
Since the permissions on files and other objects (shares, printers,
registry,
AD objects itself, etc.) are stored/set ON THE OBJECTS and not really
given to the user you would need to collect these from the file systems etc.
of every machine in the domain (and any trusting domains.)
It's not really impossible, but permission are not really "given to the
user";
they allow the user to perform some task.
Likely no "auditor" could make sense of the data if he were given ALL OF
IT -- unless that auditor brought his own tools and knew what to look for
and how to tweak the tools himself.
--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
"SW" <SW@discussions.microsoft.com> wrote in message
news:2385F2AD-9C98-43A3-8D0A-9CF5AEED3EBE@microsoft.com...
> Hi, I needs to somehow show all users and what groups and priviledges they
> have. This is for our auditors. We somehow need to quickly show them
that
> we know users out of the IT team can't delegate control, add users to AD
etc.
>
> Is this possible? Or do you know of a 3rd party tool that can do this?
Not really. (But there are likely 3rd party tools to approximate the task.)
"Privileges" come in several categories and it depends on what you mean
by that but many people would mean "permissions on files" or permissions
on other objects.
Since the permissions on files and other objects (shares, printers,
registry,
AD objects itself, etc.) are stored/set ON THE OBJECTS and not really
given to the user you would need to collect these from the file systems etc.
of every machine in the domain (and any trusting domains.)
It's not really impossible, but permission are not really "given to the
user";
they allow the user to perform some task.
Likely no "auditor" could make sense of the data if he were given ALL OF
IT -- unless that auditor brought his own tools and knew what to look for
and how to tweak the tools himself.
--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
Related ressources:
- ForumHow do I know if I haved administrator priviledges
- ForumUser screen resolution resets by itself
- ForumWeb Server - User Access and Priviledges .
- ForumHow to change the default user directory name?
- ForumDisplay users, groups , etc Domain permissions
- Forumhow to quickly gain admin priviledge to make changes?
- ForumHow to migrate shared priviledge?
- ForumUser in two groups Admin and Power User
- ForumProgram Groups based on user groups ?
- ForumInstalling default network printer for all users
- ForumCannot see user name in Task Manager
- ForumDisplaying domain users and groups they belong to in list
- ForumHow can I display the calendar - limited user ?
- Forumuser accounts
- ForumWhat is the Best way to give AD domain User -x right to con..
- ForumUser Accounts problem
- ForumHow does Group Policy relate to Profiles?
- ForumParallel and com ports not appearing in device manager
- ForumPart III, adding foreign groups
- ForumHow to restrict CMD.EXE and taskmgr.exe through GPO in win..
- More resources
!
