December 22, 2006 at 6:58 pm
I don't know how many of you serving as DBAs have domain admin type privileges. Probably most don't, like me. You may not even have "total control" of your sql servers in the sense that others can add users and groups without your permission or knowledge.
So the other day I find a domain group with read/write permissions on a production database holding customer data. Naturally the people that added the group had no clue how many users were in that group. Your systems team no doubt has many wonderful ways to list the contents of groups straight to excel etc.
Net group /domain ( in a DOS window ) will run on your domain controller and list the groups. net group /domain|more gives you a better look, or redirect to a file. net group /domain>mylist.txt
If you want to see the users in a group: net group /domain "my group" We wish spaces were not allowed in anything-- group names, folders, files but it's hard to combat that. So put double quotes, not single, around group names with spaces in them.
Do you have a better way of getting this information into excel or something like that? I'd love to hear it.
Randy
December 25, 2006 at 8:00 am
This was removed by the editor as SPAM
December 26, 2006 at 4:34 pm
I found a couple of utilities csvde.exe and ldifde.exe which look promising. Why do we care? If you have domain groups added to sql server as logins, and you don't know, exactly, at all times, who is in those groups, including groups nested within groups, then you don't know who has what kind of access to your data.
Randy
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply