|
We've been using SurfControl, but I'm in the process of
switching to Websense, because SurfControl does flaky things like this a little
too frequently. It inapropriately blocks or allows access to sites, even
though they are correctly categorized. Restart the SurfControl Webfilter
service, and the problem will probably resolve. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark Sent: Friday, November 11, 2005 2:44 PM To: [email protected] Subject: RE: [ActiveDir] dumping DL permissions It’s a filtering
program that we use attached to ISA server. Basically it looks at each request
and lets it through or redirects to our AUP internal web
page. I was on joeware.net
earlier this week, and it didn’t block me. So I just went to www.surfcontrol.com (“Test a Site” link)
to make sure it wasn’t mis-categorized, because they will change it if found to
be wrong. They have it as “Computing and Internet”. Hmmm. So we’re blocking that
category now? I don’t think so…..I’ve asked our admin to take a look. Either
way, we can override here locally. From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of joe Interesting. Is that
controlled locally or is that some blacklist service type
item? I am digging around
also. I think with some small mods, the script I wrote for dumping ACLs for
AD objects for AD3E could be used for this to generate a CSV with DLs and their
perms. It could probably further be filtered to only show ACEs with the ability
to modify membership. It is going to be considerably slower than adfind though
because it is using From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Creamer,
Mark GASP!!!!!!!! Joeware.net is suddenly
blocked by SurfCONTROL. Not kidding unfortunately <sigh> Must be that
opening pic. :-/ Oh well, thank God for
my super top secret “testing” DSL connection so I can get to the usage
documentation again. Now where the heck is that surf
admin… From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Creamer,
Mark Thanks Joe &
Brian, Time to take the feet
down off the desk again…K MC From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of joe Yep adfind will dump
the ntsecuritydescriptor and decode it if you specify the attribute and add the
-sddc option. Note it will be in SDDL format which is probably one of the easier
formats for scripting but worse for reading. From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Brian
Desmond Dumping
all the DLs is easy. Something like adfind from joeware.net would do the trick.
I’d just query for groups with mail=* since you can have mail enabled security
grups. The ACLs, I think adfind decodes ACLs, but, you’ll still need to parse
this information into something useable. From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Creamer,
Mark One of our Exchange account admins
wants to know if there is a tool that would dump a list of the name of each
distribution list in the GAL along with who has the ability to add or remove
members on each one. Would I approach this with a script or is there a tool I
should point him towards? Thanks, Mark
This e-mail transmission contains information that is intended to be confidential and privileged. If you receive this e-mail and you are not a named addressee you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this communication without the consent of the sender and that doing so is prohibited and may be unlawful. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please delete and otherwise erase it and any attachments from your computer system. Your assistance in correcting this error is appreciated. |
- RE: [ActiveDir] dumping DL permissions Derek Harris
