Guys & Girls,
I have been charged with the task of auditing and rationalising all security on our NT/Win2K file servers. This is going to be a real nightmare, as there are 4 terabytes of data, spread across 3 servers, to analyze.
The only way I can see this being done is via a program that can list all permissions through specified paths on a server (e.g. Data Drives, not system/boot partitions). I wish I could say that I don't need file level permissions (as our IT dept always use Global and Local groups), but I know that end-users don't understand this, and set their own permissions "willy-nilly".
I need the output to be intuitive, so that I find answers to the following FAQs (with regard to the scanned servers):
1. "What has UserX in the DeptX got access to?"
2. "What has the group 'XYZ' got access to?"
3. "What access will UserY get if I make them a member of the group 'XYZ'?".
I would also like to be able to find groups that have become redundant, are empty or are the same as some other groups.
I am happy to write my own SQL or similar to interrogate the data, so long as the program can populate an appropriate data source.
I've tried DumpSec from SystemTools.com, and don't like the way it works on bigger systems - I'm sure it's great on a single workstation or something. Anyone have ideas on the tool I need here?
Cheers,
Sam
Please let members know if you found their posts helpful.
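One shape the "appropriate data source" could take, as an added example that is not part of Sam's post or any tool's output: a small SQLite schema driven from Python, with queries for the three FAQs and for empty or identical groups. The table and column names, paths, users and groups are all assumptions made up for illustration.

```python
import sqlite3

# Constructed sample data: every path, user and group name below is made up.
SCHEMA = """
CREATE TABLE ace(path TEXT, principal TEXT, rights TEXT);  -- one row per ACL entry
CREATE TABLE member(grp TEXT, member TEXT);                -- member = user or nested group
CREATE TABLE grp(name TEXT PRIMARY KEY);                   -- every group, even empty ones
"""
ACES = [(r"D:\Finance", "FinanceLocal", "Change"),
        (r"D:\Finance\Payroll", "PayrollGlobal", "Full"),
        (r"D:\Projects", "jsmith", "Read")]
MEMBERS = [("FinanceLocal", "FinanceGlobal"), ("FinanceGlobal", "jsmith"),
           ("PayrollGlobal", "akhan"), ("PayrollCopy", "akhan")]
GROUPS = ["FinanceLocal", "FinanceGlobal", "PayrollGlobal", "PayrollCopy", "OldTeam"]

# Start from one principal and walk up through every group that contains it.
EXPAND = """WITH RECURSIVE p(name) AS (
  SELECT ? UNION SELECT m.grp FROM member m JOIN p ON m.member = p.name)
SELECT a.path, a.principal, a.rights FROM ace a JOIN p ON a.principal = p.name
ORDER BY a.path"""

def load():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO ace VALUES (?,?,?)", ACES)
    db.executemany("INSERT INTO member VALUES (?,?)", MEMBERS)
    db.executemany("INSERT INTO grp VALUES (?)", [(g,) for g in GROUPS])
    return db

def access_of(db, principal):
    """FAQ 1 and 2: ACL entries reaching a user or group, directly or via nesting."""
    return db.execute(EXPAND, (principal,)).fetchall()

def gained_by_joining(db, user, group):
    """FAQ 3: entries the group brings that the user does not already match."""
    have = set(access_of(db, user))
    return [row for row in access_of(db, group) if row not in have]

def empty_groups(db):
    return [r[0] for r in db.execute(
        "SELECT name FROM grp WHERE name NOT IN (SELECT grp FROM member) ORDER BY name")]

def duplicate_groups(db):
    """Sets of groups whose direct member lists are identical."""
    members, same = {}, {}
    for g, m in db.execute("SELECT grp, member FROM member"):
        members.setdefault(g, set()).add(m)
    for g, ms in members.items():
        same.setdefault(frozenset(ms), []).append(g)
    return sorted(sorted(v) for v in same.values() if len(v) > 1)
```

The model lists matching ACL entries only; it does not combine rights, apply deny entries, or account for built-in principals such as Everyone, so those would need extra columns and logic before the answers are treated as effective access.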