I am looking for an automated way to dump all Global, Local group membership so we can quickly audit access to resources eg file system shares and folders. I have Visio 2007 but it doesn't seem to be able to do the users. I would like an output that can easily be scanned by eye, ideally something similar to Visio or maybea CSV that we can open in Excel.any suggestions welcome

hi there, i found the below utility http://www.securityfocus.com/tools/3786http://www.somarsoft.com/also you can use setacl utilityhope the above links are useful.sainath Windows Driver Development

Hi,You can try to modify the script I have posted in my blog:http://badzmanaois.blogspot.com/2009/03/enumerating-members-of-group-including.htmlThis lists all members of the defined groups (including nested groups). You can add a routine to query all the groups in your AD, pass each group to the EnumGroups function in the script and have the results all posted to the groups.csv output.If you have any scripting queries, please post themat "The Official Scripting Guys Forum".Regards,Salvador Manaois IIIMCITP | Enterprise & Server AdministratorMCSE MCSA MCTS(x5) CIWA C|EH My Blog: Bytes and Badz

I read your blog but can seem to find the script other than in the screenshots, is it available somewhereso I can copy/paste?

Hi, You may also refer to the following sample scripts: List Group Memberships for All the Users in an OU http://www.microsoft.com/technet/scriptcenter/scripts/ad/groups/adgpvb14.mspx?mfr=true List All the Members of a Group http://www.microsoft.com/technet/scriptcenter/scripts/ad/groups/adgpvb13.mspx?mfr=true If you need further assistance regarding programming, I suggest that you post to the MSND forum. The support professionals there are more experienced in programming. MSDN forum http://forums.microsoft.com/MSDN Thanks.

There is an OLD Resource Kit utility, showgrps.exe, that fits the bill. It might be available from Microsoft Downloads.It even works on windows 7/Server 08 x64.You can also use dsget with the right parameters.

Thanks for the suggestion maybe useful in another senario but these MS example scripts do not do exactly what I need.I am trying to find something that will document all Universal, Global, Local groups and the User acocunts in them. So that when I use a utility like "dumpacl" or "AccessEnum.exe" and it tells me folder permissions I can easily see what the group membership is without individually checking the groups at that time.

Hi, According to your requirement, I suggest that you create a new thread in the MSDN forum for further discussing. The support professionals there are better qualified to assist you. MSDN forum http://forums.microsoft.com/MSDN Thank you for your understanding.