how to extract all permissions that a domain user have on the network

Posted by Alexandre Jobin on Server Fault See other posts from Server Fault or by Alexandre Jobin
Published on 2012-04-02T14:26:07Z Indexed on 2012/04/03 5:32 UTC
Read the original article Hit count: 387

I would like to know all the permissions a windows domain user have in my network. Is there a way, with a script file or a tool, that can extract this kind of information by checking all the servers and computers in my network? I'm on a Microsoft network with Windows Server 2008 R2, Windows XP, Windows 7.

The report should include these kind of informations:

  • report all permissions that the domain user have (read, write, etc...)
  • if the domain user is in a domain group, tell me the permissions that this group have in my network

so the report could be something like this:

Permissions for USER_A in the DOMAIN.COM

  • the user is part of theses domain groups:
    • GROUP_A
    • GROUP_B
  • SERVER_A
    • W:\wwwRoot (R/W inherited from GROUP_A)
    • W:\sharedFolder (R)
  • SERVER_B
    • c:\projects (R/W)
    • c:\projects\project_a (R/W)
    • c:\projects\project_b (R/W)
    • c:\dumpfolder (R/W inherited from GROUP_B)
  • COMPUTER_A
    • LOCAL\Administrator
    • c:\ (R/W)

© Server Fault or respective owner

Related posts about Windows

Related posts about active-directory