Do you know the username or do you just know it starts with RON? Also… Do you think there are multiple accounts that start with RON? And are these local or domain users?
Ben
The user names to be audited start with the prefix RON. Would it be possible to have a wildcard after the RON as well?
q: effective read permissions for ("username1";"username2";"domain\username3") of dacls of security descriptors of key "HKEY_LOCAL_MACHINE\Software" of registry
OR something like
q: effective read permissions for (names of local users whose (name of it as lowercase starts with "ron")) of dacls of security descriptors of key "HKEY_LOCAL_MACHINE\Software" of registry
Or you can substitute any relevance expression that returns the names of the users in the () above.
hi … if i run any of the reg queries for domain users it doesn’t return anything, i think the query is still running but wait for at least 10 minutes
is there an easier way to find out whether a user has been granted perms on a reg key … btw we have > 100k users in the domain
This should give you read permissions for every user starting with RON.
Q: (((account name of it,domain name of it) of trustee of it, read permissions of it) of it) of entries whose (account name of trustee of it starts with "RON") of dacl of security descriptor of key "HKEY_LOCAL_MACHINE\Security" of registry
This may not be the most efficient of queries but it will return the data you are looking for. There is a situation where, when a user has inherited read permissions and explicit read permissions, they will be listed twice.
Q: conjunction of (read permissions of entries whose (account name of trustee of it starts with "RON") of dacl of security descriptor of key "HKEY_LOCAL_MACHINE\Security" of registry)
This will return true if all users starting with RON have read permissions on HKLM\Security
on Ben’s 2nd query - for local users if the user does not exist I get 0 results which doesn’t return a true / false at all for me, for domain users which is what i’m looking for … in the graphical breakdown view i just see ??? … i have given it at least 10 minutes and it still seems to be thinking about giving me an answer i.e. just ??? A simple true / false on whether the acl is applied directly to the key in question is what I am after … thanks
q: read permissions of entries whose (account name of trustee of it = "Administrators") of dacl of security descriptor of key "HKEY_LOCAL_MACHINE\Security" of registry
This would be true if Administrators have access to read this particular key.
I get multiple results for the admin group, nothing back for the admin user … and again if i replace with a domain user account I get nothing back at all … oh well i guess it’s back to good old vbscript on this one
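Added example, not part of the thread: a PowerShell audit that reads the ACEs already on the key and filters them by trustee prefix, so it never enumerates the domain's users, and that separates explicit from inherited entries. The function name `Get-RegistryAceByPrefix` and the key `HKLM:\SOFTWARE` are assumptions for illustration; the result lists ACEs naming a matching trustee and is not an effective-permission calculation through group membership.

```powershell
# Added example: list DACL entries on a registry key whose trustee account
# name starts with a prefix, and flag read access and inheritance per entry.
function Get-RegistryAceByPrefix {
    param(
        [Parameter(Mandatory)] [string] $KeyPath,  # e.g. 'HKLM:\SOFTWARE' (assumed sample key)
        [Parameter(Mandatory)] [string] $Prefix    # e.g. 'RON'
    )
    $readMask    = [int][System.Security.AccessControl.RegistryRights]::ReadKey
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

    $acl = Get-Acl -LiteralPath $KeyPath
    foreach ($ace in $acl.Access) {
        # IdentityReference is 'DOMAIN\name', 'BUILTIN\name', or a bare SID
        # string when the SID cannot be resolved; compare the last component.
        $account = ($ace.IdentityReference.Value -split '\\')[-1]
        if ($account -notlike "$Prefix*") { continue }   # -like is case-insensitive

        # Inherit-only ACEs apply to subkeys, not to this key itself.
        if (($ace.PropagationFlags -band $inheritOnly) -eq $inheritOnly) { continue }

        [pscustomobject]@{
            Trustee   = $ace.IdentityReference.Value
            Type      = $ace.AccessControlType           # Allow or Deny
            Read      = (([int]$ace.RegistryRights -band $readMask) -eq $readMask)
            Inherited = $ace.IsInherited                 # False = set directly on the key
            Rights    = $ace.RegistryRights
        }
    }
}

$hits = @(Get-RegistryAceByPrefix -KeyPath 'HKLM:\SOFTWARE' -Prefix 'RON')
$hits | Format-Table -AutoSize

# Single true/false: is there an explicit (non-inherited) Allow ACE granting
# read to a matching trustee on this key? An empty result yields False.
[bool]($hits | Where-Object { $_.Read -and -not $_.Inherited -and $_.Type -eq 'Allow' })
```

A trustee that holds both an inherited and an explicit ACE appears as two rows, distinguished by the `Inherited` column. Reading `HKLM:\SECURITY` this way requires running as SYSTEM.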