Display users, groups, etc Domain permissions

  • Thread starter Thread starter Guest
  • Start date Start date
Toggle sidebar Toggle sidebar
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi, for our IT auditors we need to show them what user permissions everyone
has got within AD 2003. Especially the Admins. We just showed them
(auditors) the built in Admin groups, but they are not happy with this and
asked for a report on all users and what control they have. It and admin
accidently adds a user to a admin group how would we know?

I just hope you guys know of a solution we can put in place from now on.

Thanks

S
 
Archived from groups: microsoft.public.win2000.active_directory (More info?)

SW wrote:
> Hi, for our IT auditors we need to show them what user permissions everyone
> has got within AD 2003. Especially the Admins. We just showed them
> (auditors) the built in Admin groups, but they are not happy with this and
> asked for a report on all users and what control they have. It and admin
> accidently adds a user to a admin group how would we know?
>
> I just hope you guys know of a solution we can put in place from now on.

Yes, You can use Restricted groups GPO setting to force membership of
administrative groups. If one add a new user to such group it will be
removed at next GPO refresh.

--
Tomasz Onyszko
http://www.w2k.pl
 
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom