willay
Moderator
Organiser: South East, National Events
Premium Member
Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
|
I need to do a permissions audit/report for my company for a few network shares, has anyone had to do this and can anyone reccomend some methods for doing it?
I'm guessing what I need to do is detail what security groups we have, who is in them and what access the groups have? Also need to do it for users who have been added outside of groups.
Any pointers or tips would be handy, sounds like a nightmare tbh 
|
Bart
Member
Registered: 19th Aug 02
Location: Midsomer Norton, Bristol Avon
User status: Offline
|
never done this, but im also curious actually, its a good thing to test.
|
Richie
Member
Registered: 3rd Dec 02
Location: Newport, Wales
User status: Offline
|
Hyena / Dumpsec. Bit of tidying up afterwards - nothing too major.
|
Gaz
Member
Registered: 24th Aug 03
Location: Widnes, Cheshire
User status: Offline
|
do you not have the share set up under it's own security group?
if so, you can just report on the members of that group?
|
willay
Moderator
Organiser: South East, National Events
Premium Member
Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
|
One share will have multiple folders, each folder may be for a certain department, each folder will only allow certain groups to access it.
|
willay
Moderator
Organiser: South East, National Events
Premium Member
Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
|
quote:
Originally posted by Richie
Hyena / Dumpsec. Bit of tidying up afterwards - nothing too major.
Both look awesome, will look into it tomorrow and hopefully produce something 
|
pow
Premium Member
Registered: 11th Sep 06
Location: Hazlemere, Buckinghamshire
User status: Offline
|
Powershell/commandline it out into a csv is what I've done in the past.
|
willay
Moderator
Organiser: South East, National Events
Premium Member
Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
|
yeah but nigga dont know powershell syntax unless you want to do the work for me bro
|
pow
Premium Member
Registered: 11th Sep 06
Location: Hazlemere, Buckinghamshire
User status: Offline
|
Powershell: take everything you know about scripting. And throw it out the window
|
willay
Moderator
Organiser: South East, National Events
Premium Member
Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
|
nice 
|
VrsTurbo
Premium Member
Registered: 8th Jun 10
User status: Offline
|
powershell is gay but im growing to it now ive just literally written this so IP address get applied automatically -
code:
$IP2=gc env:computername
$IP2=$IP2.substring(5,2)
$IP2
if ($IP2 -lt 10) {($IP2=$IP2.Substring(1,1))}
elseif ($IP2 -gt 09) {($IP2=$IP2.substring(5,2))}$IP3=gc env:computername
$IP3=$IP3.substring(7,2)
$IP3
if ($IP3 -lt 10) {($IP3=$IP3.Substring(1,1))}
elseif ($IP3 -gt 09) {($IP3=$IP3.substring(7,2))}
$IPFinal=gc env:computername
$IPFinal=$IPFinal.substring(10,3)
$IPAdd=[int]$ipfinal+240
Write-host "10.${IP2}.${IP3}.${IPADD}"
Write-host "10.${ip2}.${ip3}.100"
Write-host "10.120.6.60"
New-NetIPAddress -InterfaceAlias "WIFI" -IPaddress "10.${IP2}.${IP3}.${IPADD}" -PrefixLength 24 -DefaultGateway "15.${ip2}.${ip3}.1"
Set-DnsClientServerAddress -InterfaceAlias "WIFI" -ServerAddresses "10.10.10.10"
|
John
Member
Registered: 30th Jun 03
User status: Offline
|
Why are you applying ip addresses with script instead of dhcp?
|
VrsTurbo
Premium Member
Registered: 8th Jun 10
User status: Offline
|
Securing a network you wouldn't run dhcp. Plus the subnet is split for different devices/sites. 600 sites its not manageable over dhcp.
|
John
Member
Registered: 30th Jun 03
User status: Offline
|
fair do's. I've got similar spread over a bit less than 600 sites, not enough PC's on each site to bother scripting it though, handy to know for future reference.
|
