Need Excel Guru help! Folder Structure planning



  • First of all.. this is nothing serious or urgent.
    Second, I am a complete noob when it comes to vbs or functions. I only know basics functions, but it is not enough for me to accomplish what I am planning on doing
    Third, it does not need to be Excel, if other program can accomplish the same result

    So I am working on rebuilding folder structure. I want to present the structure, NTFS folder permission in details to my manager before proceeding any further. I just don't know how to construct the excel or where to begins.

    We will have 5 folders at the root. Each folder will have 1 or 2 folders within. Each sub folder will have different folder permission to prevent users from snooping around. Similar to IT folder with Tech lvl1, Tech lvl2, and Admin. Admin will have access all folders. lvl2 can only access lvl2 & lvl1. lvl1 only allow to access lvl1. We give folder permission to Group, never users.

    I will need (Column) Group security, Folder name, Folder Path, Description of folder, Allows, Denies. Users will be in Rows.
    To me this seem like a data table so I turned to Excel. If you have a fresh copy of what it might looks like please let me know.

    If this is not the case, or I over complicate the matter please enlighten me.
    Thanks !!!!



  • Are you simply wanting to pull what you have in place today?



  • @DustinB3403 said:

    Are you simply wanting to pull what you have in place today?

    Not ideally, but that is an option.

    My manager is not techsavvy and has little understanding to NTFS folder permission. He even told me to put anything confidential on a different server so no one can gain access to it... I was like... hello? Folder Permission?

    So I need something very simple, but detail enough for him to understand what is going on.



  • So would a powershell script that puts everyone and their permissions groups into an excel spreadsheet work? I wrote the below script...

    Just provide your domain credentials and give it a minute or so to run.

    # This script will export all users of the specified domain, and their group memberships to a CSV file. The usefulness of this tool is expressed when
    # setting up new hire employees or reviewing domain membership permissions.
    
    # It's not advisable to store the user credentials required to run this script as they can be decrypted. This script is not designed to save these credentials but could be modified to do so.
    
    # Use of this script implies that you understand what it does, and will do to with regards to your Active Directory installation members and group memberships.
    # As designed there are no changes made to your installation, the script simply generates a report of members, and their group memberships. 
    # Any changes to this script are the responsibility of the person/organization which made said changes. 
    
    # We cannot be held responsible for your misuse or misunderstanding of this script as it was designed.
    #
    #
    #
    
    #
    # Imports Active Directory information 
    Import-Module Activedirectory
    $credentials = Get-Credential
    # Prompts for user credentials default user is “   ”, enter an administrator account in the form of “domain-name\administrator-account”
    Get-ADUser -Credential $credentials  -Filter * -Properties DisplayName,EmailAddress,memberof,DistinguishedName,Enabled |  %  {
      New-Object PSObject -Property  @{
    	UserName = $_.DisplayName 
    	EmailAddress = $_.EmailAddress
    	DistinguishedName = $_.DistinguishedName
    	Enabled = $_.Enabled
    # Deliminates the document for easy copy and paste using ";" as the delimiter. Incredibly useful for Copy & Paste of group memberships to new hire employees.
    	Groups = ($_.memberof | Get-ADGroup | Select -ExpandProperty Name) -join ";"
    	}
    # The export path is variable change to desired location on domain controller or end user computer. 
    } | Select UserName,EmailAddress,@{l='OU';e={$_.DistinguishedName.split(',')[1].split('=')[1]}},Groups,Enabled | Sort-Object Username | Export-Csv $ENV:UserProfile\Documents\User-Permissions.csv –NTI


  • @DustinB3403 said:

    So would a powershell script that puts everyone and their permissions groups into an excel spreadsheet work? I wrote the below script...

    Just provide your domain credentials and give it a minute or so to run.

    This script will export all users of the specified domain, and their group memberships to a CSV file. The usefulness of this tool is expressed when

    setting up new hire employees or reviewing domain membership permissions.

    It's not advisable to store the user credentials required to run this script as they can be decrypted. This script is not designed to save these credentials but could be modified to do so.

    Use of this script implies that you understand what it does, and will do to with regards to your Active Directory installation members and group memberships.

    As designed there are no changes made to your installation, the script simply generates a report of members, and their group memberships.

    Any changes to this script are the responsibility of the person/organization which made said changes.

    We cannot be held responsible for your misuse or misunderstanding of this script as it was designed.

    Imports Active Directory information

    Import-Module Activedirectory
    $credentials = Get-Credential

    Prompts for user credentials default user is “ ”, enter an administrator account in the form of “domain-name\administrator-account”

    Get-ADUser -Credential $credentials -Filter * -Properties DisplayName,EmailAddress,memberof,DistinguishedName,Enabled | % {
    New-Object PSObject -Property @{
    UserName = $.DisplayName
    EmailAddress = $
    .EmailAddress
    DistinguishedName = $.DistinguishedName
    Enabled = $
    .Enabled

    Deliminates the document for easy copy and paste using ";" as the delimiter. Incredibly useful for Copy & Paste of group memberships to new hire employees.

    	Groups = ($_.memberof | Get-ADGroup | Select -ExpandProperty Name) -join ";"
    	}
    

    The export path is variable change to desired location on domain controller or end user computer.

    } | Select UserName,EmailAddress,@{l='OU';e={$_.DistinguishedName.split(',')[1].split('=')[1]}},Groups,Enabled | Sort-Object Username | Export-Csv $ENV:UserProfile\Documents\User-Permissions.csv –NTI

    Not really what I am looking for. All users will receive new 'members' as I do not plan on using the same member groups. I just want to know what will it looks like.

    Anyway, I will run the script after hours, and see if it can point me to the right direction.



  • That will pull your current permission settings for your domain.

    You can then build from what it generates...



  • @LAH3385 said:

    @DustinB3403 said:

    So would a powershell script that puts everyone and their permissions groups into an excel spreadsheet work? I wrote the below script...

    Just provide your domain credentials and give it a minute or so to run.

    This script will export all users of the specified domain, and their group memberships to a CSV file. The usefulness of this tool is expressed when

    setting up new hire employees or reviewing domain membership permissions.

    It's not advisable to store the user credentials required to run this script as they can be decrypted. This script is not designed to save these credentials but could be modified to do so.

    Use of this script implies that you understand what it does, and will do to with regards to your Active Directory installation members and group memberships.

    As designed there are no changes made to your installation, the script simply generates a report of members, and their group memberships.

    Any changes to this script are the responsibility of the person/organization which made said changes.

    We cannot be held responsible for your misuse or misunderstanding of this script as it was designed.

    Imports Active Directory information

    Import-Module Activedirectory
    $credentials = Get-Credential

    Prompts for user credentials default user is “ ”, enter an administrator account in the form of “domain-name\administrator-account”

    Get-ADUser -Credential $credentials -Filter * -Properties DisplayName,EmailAddress,memberof,DistinguishedName,Enabled | % {
    New-Object PSObject -Property @{
    UserName = $.DisplayName
    EmailAddress = $
    .EmailAddress
    DistinguishedName = $.DistinguishedName
    Enabled = $
    .Enabled

    Deliminates the document for easy copy and paste using ";" as the delimiter. Incredibly useful for Copy & Paste of group memberships to new hire employees.

    	Groups = ($_.memberof | Get-ADGroup | Select -ExpandProperty Name) -join ";"
    	}
    

    The export path is variable change to desired location on domain controller or end user computer.

    } | Select UserName,EmailAddress,@{l='OU';e={$_.DistinguishedName.split(',')[1].split('=')[1]}},Groups,Enabled | Sort-Object Username | Export-Csv $ENV:UserProfile\Documents\User-Permissions.csv –NTI

    Not really what I am looking for. All users will receive new 'members' as I do not plan on using the same member groups. I just want to know what will it looks like.

    Anyway, I will run the script after hours, and see if it can point me to the right direction.

    Have you considered just created something in prezi or powerpoint that is a visual representation of what you will do? It doesn't sound like you need real data to me. They just need to understand the concept.



  • @DustinB3403 said:

    That will pull your current permission settings for your domain.

    You can then build from what it generates...

    I will give it a shot tonight

    @wirestyle22 said:

    @LAH3385 said:

    @DustinB3403 said:

    So would a powershell script that puts everyone and their permissions groups into an excel spreadsheet work? I wrote the below script...

    Just provide your domain credentials and give it a minute or so to run.

    This script will export all users of the specified domain, and their group memberships to a CSV file. The usefulness of this tool is expressed when

    setting up new hire employees or reviewing domain membership permissions.

    It's not advisable to store the user credentials required to run this script as they can be decrypted. This script is not designed to save these credentials but could be modified to do so.

    Use of this script implies that you understand what it does, and will do to with regards to your Active Directory installation members and group memberships.

    As designed there are no changes made to your installation, the script simply generates a report of members, and their group memberships.

    Any changes to this script are the responsibility of the person/organization which made said changes.

    We cannot be held responsible for your misuse or misunderstanding of this script as it was designed.

    Imports Active Directory information

    Import-Module Activedirectory
    $credentials = Get-Credential

    Prompts for user credentials default user is “ ”, enter an administrator account in the form of “domain-name\administrator-account”

    Get-ADUser -Credential $credentials -Filter * -Properties DisplayName,EmailAddress,memberof,DistinguishedName,Enabled | % {
    New-Object PSObject -Property @{
    UserName = $.DisplayName
    EmailAddress = $
    .EmailAddress
    DistinguishedName = $.DistinguishedName
    Enabled = $
    .Enabled

    Deliminates the document for easy copy and paste using ";" as the delimiter. Incredibly useful for Copy & Paste of group memberships to new hire employees.

    	Groups = ($_.memberof | Get-ADGroup | Select -ExpandProperty Name) -join ";"
    	}
    

    The export path is variable change to desired location on domain controller or end user computer.

    } | Select UserName,EmailAddress,@{l='OU';e={$_.DistinguishedName.split(',')[1].split('=')[1]}},Groups,Enabled | Sort-Object Username | Export-Csv $ENV:UserProfile\Documents\User-Permissions.csv –NTI

    Not really what I am looking for. All users will receive new 'members' as I do not plan on using the same member groups. I just want to know what will it looks like.

    Anyway, I will run the script after hours, and see if it can point me to the right direction.

    Have you considered just created something in prezi or powerpoint that is a visual representation of what you will do? It doesn't sound like you need real data to me. They just need to understand the concept.

    I will look into Perzi

    I just don't know where to begins


  • Service Provider

    If this is a rebuild and starting fresh, are you considering dropping the SMB LAN legacy world and looking at modern replacements instead of implementing a brand new legacy approach?



  • @scottalanmiller said:

    If this is a rebuild and starting fresh, are you considering dropping the SMB LAN legacy world and looking at modern replacements instead of implementing a brand new legacy approach?

    I'm open to anything, but implementing will required multiple approvals from higher ups. Anyhow, what's on your mind SAM?


  • Service Provider

    @LAH3385 said:

    @scottalanmiller said:

    If this is a rebuild and starting fresh, are you considering dropping the SMB LAN legacy world and looking at modern replacements instead of implementing a brand new legacy approach?

    I'm open to anything, but implementing will required multiple approvals from higher ups. Anyhow, what's on your mind SAM?

    Well that would really depend on how you guys use documents. But looking at systems like SharePoint and ownCloud could make a lot of sense.



  • @scottalanmiller said:

    @LAH3385 said:

    @scottalanmiller said:

    If this is a rebuild and starting fresh, are you considering dropping the SMB LAN legacy world and looking at modern replacements instead of implementing a brand new legacy approach?

    I'm open to anything, but implementing will required multiple approvals from higher ups. Anyhow, what's on your mind SAM?

    Well that would really depend on how you guys use documents. But looking at systems like SharePoint and ownCloud could make a lot of sense.

    Would you recommend SharePoint or ownCloud in an environment of 100 users, 1 location.



  • @LAH3385 said:

    @scottalanmiller said:

    @LAH3385 said:

    @scottalanmiller said:

    If this is a rebuild and starting fresh, are you considering dropping the SMB LAN legacy world and looking at modern replacements instead of implementing a brand new legacy approach?

    I'm open to anything, but implementing will required multiple approvals from higher ups. Anyhow, what's on your mind SAM?

    Well that would really depend on how you guys use documents. But looking at systems like SharePoint and ownCloud could make a lot of sense.

    Would you recommend SharePoint or ownCloud in an environment of 100 users, 1 location.

    Personal preference would be ownCloud... I don't have much experience with Sharepoint, but it could likely work for that as well.



  • They key here with all of these solutions is to NOT use the sync clients. The sync clients open you to the same type of encryption attach from cryptoware.

    Though - depending on settings, versioning I suppose could save you, I have no idea what it takes to roll back whole sections of files in any of those systems.


  • Service Provider

    @Dashrender said:

    They key here with all of these solutions is to NOT use the sync clients. The sync clients open you to the same type of encryption attach from cryptoware.

    Though - depending on settings, versioning I suppose could save you, I have no idea what it takes to roll back whole sections of files in any of those systems.

    By default that is not an issue with ownCloud.
    0_1456761514029_upload-02de2ff5-5dcc-40c9-a8c7-f97e7e8a456a


  • Service Provider

    Yeah it would suck to have to revert things manually, but it is there to be done.


  • Service Provider

    @LAH3385 said:

    @scottalanmiller said:

    @LAH3385 said:

    @scottalanmiller said:

    If this is a rebuild and starting fresh, are you considering dropping the SMB LAN legacy world and looking at modern replacements instead of implementing a brand new legacy approach?

    I'm open to anything, but implementing will required multiple approvals from higher ups. Anyhow, what's on your mind SAM?

    Well that would really depend on how you guys use documents. But looking at systems like SharePoint and ownCloud could make a lot of sense.

    Would you recommend SharePoint or ownCloud in an environment of 100 users, 1 location.

    Number of users is not a factor, it's workflow that makes the difference.


  • Banned

    Ntfs premission reporter might help. http://www.cjwdev.com


Log in to reply
 

Looks like your connection to MangoLassi was lost, please wait while we try to reconnect.