Archive

Posts Tagged ‘SOX’

Track Local Network Shares on SCCM 2007

Hi,

If you need to find all the local shares that users create on their computer this post might be good for you,

The first thing you need to do is to edit the sms_def.mof file for the client to start reporting of his local shares\

  1. Open the file …\Microsoft Configuration Manager\Inboxes\clifiles.src\hinv\sms_def.mof with your notepad
  2. search for   SMS_Group_Name (“Shares”), 
  3. You can change all the FALSE parameters to TRUE, or just the SMS_Report, Name and Path
  4. Now you need to wait, it can take some time that the client will start reporting about his shares

The second thing to do is to build a small report, you can use a basic report that show all the shares

SELECT TOP (100) PERCENT dbo.v_GS_SHARE.ResourceID, dbo.v_R_System.Name0 AS Hostname, dbo.v_GS_SHARE.Name0 AS ShareName,
dbo.v_GS_SHARE.Path0 AS Path
FROM dbo.v_GS_SHARE INNER JOIN
dbo.v_R_System ON dbo.v_GS_SHARE.ResourceID = dbo.v_R_System.ResourceID

Or you can use some filter to disable administrative shares

SELECT TOP (100) PERCENT dbo.v_GS_SHARE.ResourceID, dbo.v_R_System.Name0 AS Hostname, dbo.v_GS_SHARE.Name0 AS ShareName,
dbo.v_GS_SHARE.Path0 AS Path
FROM dbo.v_GS_SHARE INNER JOIN
dbo.v_R_System ON dbo.v_GS_SHARE.ResourceID = dbo.v_R_System.ResourceID
WHERE (dbo.v_GS_SHARE.Name0 NOT LIKE ‘_$’) AND (dbo.v_GS_SHARE.Name0 <> ‘admin$’) AND (dbo.v_GS_SHARE.Name0 <> ‘ipc$’)

I’m done here , on my next post I’ll show how to generate report of permission of those shares.

PowerShell: Get Active Directory groups membership for a user

22/10/2013 2 comments

Hi,

When you have to document every change  Because you’re committed to SOX regulation, you need to extract the data fast

This PowerShell script receive an AD username and export .csv with all Active Directory groups (for Fast Copy&Past).

import-module ActiveDirectory
$name = Read-Host ‘What is the username?’
$csvvv = “.csv”
Get-ADPrincipalGroupMembership $name | select name | Export-CSV ($name+$csvvv)

Save it as .ps1 and run it from the powershell command line,