Join Log in
Score:-1
avatar Server

How can I see who has the permission to retrieve Active Directory data?

ar flag
Moshe

I discovered sensitive data within my Active Directory groups in the "description" field. How can I see which users have read access to that data?

42
1 + 3
Semicolon avatar
jo flag
Semicolon
asking and answering your own question in under a minute?
0
Reply
ar flag
Moshe
"To be crystal clear, it is not merely OK to ask and answer your own question, it is explicitly encouraged." https://stackoverflow.blog/2011/07/01/its-ok-to-ask-and-answer-your-own-questions/
0
Reply
Semicolon avatar
jo flag
Semicolon
And now I know. Thank you.
0
Reply
Score:2
avatar Server
ar flag
Moshe

The "List contents" permission is used to list the entries within Active Directory and the "Read all properties" permission is used to read the contents. By default, "Authenticated Users" are given both "List contents" and "Read all properties" permissions. You can examine the permissions for "Authenticated Users" directly by doing the following:

  1. Launch "Active Directory Users and Computers"
  2. Click the menu: View -> Advanced Features
  3. Right click on "Domain Tree" and select "Properties"
  4. Click the "Security" tab
  5. Click on "Advanced"
  6. Click on the "Effective Access" tab
  7. Click on "Select a user" and enter "Authenticated Users"
  8. Click on "View Effective Access"
  9. You can see that "List contents" and "Read all properties" are both checked to be available.
0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.