|
Posted by S. Pidgorny on March 20, 2008, 9:15 pm
Please log in for more thread options
I don't believe you can obtainb all that information on local accounts. In
AD, some additional info is available in metadata but still the question of
"what they are allowed to access" is not a matrter of querying the directory
but a matter of enumerating all resources and the rights.
I'd say - narrow the score of audit, to include group membership and shared
resource audit. Exclude local accounts.
--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-
* http://sl.mvps.org * http://msmvps.com/blogs/sp *
> Does anybody know of an existing script/package to generate a report
> like this:
>
> We need a copy of an OS account audit report. This report will include
> a status review of all currently open accounts on all Windows servers,
> when those accounts were activated, who created them, what they are
> allowed to access, and what their privilege levels are. It needs to
> include both local and AD accounts.
>
> We have 500 Windows 2003 servers so obviously we need a way to
> automate this. :)
| 
XML Sitemap