Re: [ActiveDir] FIle/Folder ACL's(OT)

2006-09-19 Thread mike kline
Give dumpsec a try http://www.somarsoft.com/ We have used it on our file servers and it works well. Thanks Mike On 9/18/06, Tom Kern [EMAIL PROTECTED] wrote: Can someone direct me to a vbscript that I can run remotely which will dump the ACL's of all file/folders on a bunch of remote

RE: [ActiveDir] Elevating privileges from DA to EA

2006-09-19 Thread neil.ruston
and that's kinda where the original post came from - I've been thru this exercise with other orgs and feel the need to re-visit every so often, esp. when I move on to another org. BTW: I really appreciate all the feedback and I didn't expect any specific hacks to be made public (just

RE: [ActiveDir] OT - Elevating privileges from DA to EA

2006-09-19 Thread neil.ruston
I didn't actually want to 'appear' as joe but wanted to 'appease' joe. Pesky spell checker ... :) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ruston, Neil Sent: 19 September 2006 11:36 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Elevating privileges from DA

Re: [ActiveDir] FIle/Folder ACL's(OT)

2006-09-19 Thread Tom Kern
thanks but I was looking for something scriptable... isn't Dumpsec a gui tool? all I really want to do is open a file for reading that has a list of servers and connect to each server and enumerate every local drive on that server and shell out to cacls.exe and run that against those

[ActiveDir] John Haaland is out of the office.

2006-09-19 Thread John_Haaland
I will be out of the office starting 09/19/2006 and will not return until 09/25/2006. I am attending a Microsoft Active Directory troubleshooting class and will not have access to email. I will respond to your message when I return. For any AD related issues you may contact JRC. Thanks. List

Re: [ActiveDir] splitting a domain into two

2006-09-19 Thread Jef Kazimer
Just to add some info here.. I am currently in the middle of an "integration" where one IT group suggested a split the network to clone the AD environment on both sides. Thankfully this has been abandoned after being evaluated. I believe Microsoft Consulting Services called this solution

RE: [ActiveDir] SHAREPOINT AND EXTERNAL LDAP

2006-09-19 Thread Ramon Linan
Hi, I have a SharePoint site for a client, it is driving me crazy because the sales people are telling me that the users for this site, can't have their password expiring. The client is a government agency, so I don't want to be responsible for any information being stolen. How big of a

Re: [ActiveDir] SHAREPOINT AND EXTERNAL LDAP

2006-09-19 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
I have been involved in externally facing Microsoft sponsored extranet/Sharepoint sites. The password gets changed. We have a GUI web portal and we are forced to change the password. Sales people set your security policy these days? Ramon Linan wrote: HI, I have a SharePoint site for a

RE: [ActiveDir] SHAREPOINT AND EXTERNAL LDAP

2006-09-19 Thread Peter Johnson
You might consider creating an ADAM instance which is a copy of their LDAP source and authenticate against it. But I fully agree with you that the better way is allow passwords to expire. If you set up the IIS password changing extension on the server you might be able to integrate it in

RE: [ActiveDir] SHAREPOINT AND EXTERNAL LDAP

2006-09-19 Thread Richard Kline
I've worked for several banks and have never, ever not seen required password changes. In fact the reverse problem often occurs. Bank systems do not use the same authentication model (mainframe, domain, application specific) and require password changes on different cycles. Personnel often

RE: [ActiveDir] SHAREPOINT AND EXTERNAL LDAP

2006-09-19 Thread Ramon Linan
ooops, forget about the Sharepoint using the clients LDAP, they will never let us access their users database, duh! So, now I need to fight with the project managers and giving them reason why their password should change...my first question is still valid. How big of a security risk is

Re: [ActiveDir] SHAREPOINT AND EXTERNAL LDAP

2006-09-19 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
I have been told (BTW) by the patch management tool folks that still support customers that buy NT patches -- that their main customers that buy NT patches from Microsoft are banks and financial institutions. Consider as well that when I walk into Bank of America they are running DOS based

RE: [ActiveDir] SHAREPOINT AND EXTERNAL LDAP

2006-09-19 Thread Ramon Linan
Let's put it this way, sales department make money, IT department spends it :( :( :( That's their point of view anyway...and I still don't have a good answer to why Citibank don't force you to change your password, and they offer web based ...? Thanks for your email -Original

RE: [ActiveDir] SHAREPOINT AND EXTERNAL LDAP

2006-09-19 Thread Ramon Linan
Hi, In the bank application case, I am not talking about the bank users having to change the password, I was meaning the bank clients having to change their PIN to access the online system... you did not require from your online clients to change their PIN every X days??? Thanks From:

RE: [ActiveDir] SHAREPOINT AND EXTERNAL LDAP

2006-09-19 Thread Peter Johnson
Too true Susan. Also in Banks, at least in SA, you need the Account number/PIN/Password combination to get access to your account and not just a password. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]

RE: [ActiveDir] SHAREPOINT AND EXTERNAL LDAP

2006-09-19 Thread Richard Kline
Interesting point. It doesn't mean a darn thing but it would be interesting to see the sales folk squirm if they were asked to sign a disclaimer document stating that they'd be responsible for password related security breaches. What a shame it wouldn't be enforceable! -Original

RE: [ActiveDir] SHAREPOINT AND EXTERNAL LDAP

2006-09-19 Thread Ramon Linan
All these comments are great, does anyone have a url or document with a list of reasons for having the passwords expiring or explaining why it is not a good thing to have non-expiring password? Thanks -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of

RE: [ActiveDir] SHAREPOINT AND EXTERNAL LDAP

2006-09-19 Thread Derek Harris
If you (or whatever sales guy) want to put YOUR OWN account at risk by using an insecure password, and not changing it periodically; go ahead. If you want to put MY money (or the owners of the company's) at risk for the convenience of a clueless sales guy, I'm taking my money business elsewhere.

Re: [ActiveDir] SHAREPOINT AND EXTERNAL LDAP

2006-09-19 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Password cracking programs are why passwords are changed. The Great Debates: Pass Phrases vs. Passwords. Part 1 of 3: http://www.microsoft.com/technet/security/secnews/articles/itproviewpoint091004.mspx The Great Debates: Pass Phrases vs. Passwords. Part 2 of 3:

RE: [ActiveDir] SHAREPOINT AND EXTERNAL LDAP

2006-09-19 Thread deji
Much as I hate to say it, convenience may win here. I know, I know... it's bad form to have non-expiring passwords, etc, etc. Been there, preached that. However, the usability factor is a non-trivial design consideration, and even though we all agree that Sales people are not the most