My database structure was as follows, just 1 table with 3 columns containing the group name, the folder path and the level of permissions that were assigned: I created 2 runbooks, 1 to control the process and 1 to process each group that was retrieved from the database and email the manager of that group with the report. I used powershell to query the database and report to the group manager (designated in AD) on who has access to their folders. We needed a way to audit who had access to certain shares and to regularly report on it.Īs with anything like this there are any number of ways this could have been achieved my approach was to create a new SQL database as the authoritative source for the folders and their associated AD groups which are assigned permissions to them (this database would have to be kept up to date manually or by a different process) See this post on how to populate a central database with the NTFS permissions from a folder structure.
0 Comments
Leave a Reply. |