How to scan a network for shares that have permissions granted to deleted users (and then remove them)

Posted on 2024-10-18 23:31:56

I'm looking to clean up permissions for user accounts which have been deleted.

I would like to be able to scan all top-level shares in the domain and remove those permissions. I've taken a look at Share Enum but it doesn't really seem to be set up for this type of activity.

蓝眼泪 2024-10-25 23:31:56

The non-existence of a user can only be determined by a successful failed lookup. This means you need to be able to query AD successfully, and AD needs to respond that the user doesn't exist. You need to be sure you were able to query the whole distribution of your AD-structure. I'm not sure this is the way to go.

You can use the command cacls or icacls to list permissions and take action. But I would consider this a highly dangerous route to go. Any network error which causes failure in lookup will result in loss of unwanted files.

Instead you should consider moving users to a quarantine OU and disabling them. Then you could get a list of OU members and process that with cacls output.

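' Bind to the DeletedUsers directory object (read as a group, since .Members is used below)
Set objGroup = GetObject("LDAP://cn=DeletedUsers, dc=your,dc=domain")
' Print each member's name so the list can be matched against cacls output
For Each objMember In objGroup.Members
  Wscript.Echo objMember.Name
Next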
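
The quarantine-OU approach described in the answer above, as an added PowerShell example that is not part of the original answer: it lists the accounts in the quarantine OU, matches their SIDs against the explicit ACEs on each share root, and only reports. Assumptions: the ActiveDirectory (RSAT) module is available, the OU DN is a placeholder in the style of the answer's snippet, and the UNC paths are constructed.

```powershell
# Added example, not from the original answer. Report-only: nothing is removed.
# Assumptions: RSAT ActiveDirectory module installed; the OU DN and UNC paths
# below are placeholders/constructed values to replace with your own.
$ErrorActionPreference = 'Stop'   # any directory error aborts the run
Import-Module ActiveDirectory

$QuarantineOU = 'OU=DeletedUsers,DC=your,DC=domain'                 # placeholder
$SharePaths   = @('\\fileserver01\dept', '\\fileserver01\projects') # constructed

# Build the SID list from an explicit OU query instead of inferring
# "deleted" from a failed name lookup. If this query fails, we stop here.
$quarantined = @{}
Get-ADUser -SearchBase $QuarantineOU -Filter * |
    ForEach-Object { $quarantined[$_.SID.Value] = $_.SamAccountName }

$findings = foreach ($path in $SharePaths) {
    try {
        $acl = Get-Acl -LiteralPath $path
    } catch {
        # An unreadable ACL is logged and skipped, never treated as a match.
        Write-Warning "Skipped $path : $($_.Exception.Message)"
        continue
    }
    # Explicit ACEs only, with identities returned as SIDs (no name resolution).
    $rules = $acl.GetAccessRules($true, $false,
        [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        if ($quarantined.ContainsKey($sid)) {
            [pscustomobject]@{
                Path    = $path
                Account = $quarantined[$sid]
                Sid     = $sid
                Rights  = $rule.FileSystemRights
                Type    = $rule.AccessControlType
            }
        }
    }
}

$findings | Format-Table -AutoSize
# After reviewing the report, each row maps to one icacls call, for example:
#   icacls "\\fileserver01\dept" /remove:g "*<SID>"
```

This checks the NTFS ACL on each share root, which is what cacls and icacls operate on; share-level permissions are a separate list and are not read here.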