• Locked Locked
  • Replies 17 replies
  • Subscribers 33 subscribers
  • Views 9713 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Enumeration of Directly-assigned Domain Users Causing Report to Take a Long Time as well as being Very Large

Brian.Kittle
over 6 years ago

The NTFS Folder Permission with Membership report is taking an excessive amount of time to load or is failing.  The 'Domain Users' group is being fully enumerated/listed for each folder/file which is resulting in 5000 plus page reports.  I need a method of conditionally/selectively choosing which groups to NOT enumerate/expand in nested groups, etc.

  • over 6 years ago
    Hi Daniel,

    It seems like you have missed my last response dated 6th April. Can you please respond to the queries mentioned in that message? Accordingly, we will look into the possibility to incorporate the changes that you want.

    Thanks
    Naureen
  • over 6 years ago
    Hi Naureen,

    Here are the responses to your previous questions. Let me know if you need any additional information.


    Question: Can you please confirm if this parameter will hide mentioned accounts even if directly permissioned, or only when nested within another group?

    Answer:

    We need the to be able to hide the referenced accounts/groups whether directly permissioned or nested within another group.



    Question: Can you please also confirm what other parameters are you looking to include in the report?

    Answer:

    Basically I need the same parameters that are in the default “Folder Permissions with Membership” report with an additional parameter to exclude certain users/group from even being displayed. In addition, the ability to prevent the “Domain Users” group from being expanded whether directly permissioned or nested. All other groups can be expanded as they contain significantly less users than ‘Domain Users’.

    Here is a sample of the parameters included in the report including the ‘exclude’ parameter for certain users/groups.


    NTFS: Is Folder (NTFS) – Hidden parameter
    Computer: Computer Name (Computer) – Include the following computers:
    NTFS: Path (NTFS) – Include the following paths:
    NTFS: Path (NTFS) – Exclude the following paths:
    ACE: Is Inherited (ACE) – Do you want to show inherited permissions only?
    Account: Account Name (Account) – Include the following accounts:
    Account Member: Expand Direct or Nested groups – Add option to “Expand inline excluding members of Domain Users group whether direct or nested”

    Account: Account Name (Account) – Exclude the following accounts:
    (this is the parameter that excludes specified users/groups from even being displayed in the permission report)


    Thanks,
    Dan Sorenson
  • over 6 years ago
    Hi Daniel,

    Have updated the report on the link: www.quest.com/.../211

    with the following parameters:

    Computer: Include the following computers:
    Include Path – Include the following paths:
    Exclude Path – Exclude the following paths:
    Is Inherited Permissions – Do you want to show inherited permissions only?
    Include Account: Include the following accounts:
    Exlcude Account: Exclude the following accounts:
    (this is the parameter that excludes specified users/groups from even being displayed in the permission report)

    Just to mention that we have merged “Expand inline excluding members of Domain Users group whether direct or nested” in the last parameter of the updated report i.e. if you want to exclude Domain Users group from being displayed in the report then you can add the group in the last parameter (Exclude Account: Exclude the following accounts).

    Thanks
    Naureen
  • over 6 years ago
    Hi Naureen,

    Thanks for the update, however we still need Domain Users listed, just not expanded inline.

    In the case of the 'Exclude the following accounts", we are listing Admin/System/Backup Service accounts. Basically, the admin accounts we don't want/need end users to know have access.

    However in the case of Domain Users which includes all users, it is important that our end users have visibility to know that basically everyone has access to the content,

    Let me know if any additional information is needed.

    Thanks,
    Dan
  • over 6 years ago
    Hi Daniel,

    Here are the final changes that you have requested: www.quest.com/.../211.
    We have updated the report to incorporate one more parameter to exclude the groups from expansion. You can add Domain Users group in that parameter. It will show the Domain Users group in the report but will not expand it members as requested.

    If you have any enhancement requests, please reach out on our product idea page: www.quest.com/.../ or contact our support group for an enhancement request to be logged.

    Thanks
    Naureen
  • over 6 years ago
    Hi Naureen,

    Thanks for the update. The new report parameters to exclude users/group from being expanded appears to be working. However I now encounter an issue where the 'Include' Folder path does not appear to be honored. If I enter one specific folder, the report is displaying all folders and subfolders on the specified server, including folders on other shares. As a result, the report is 19,000 plus pages.

    Is there anything (parameter/setting) I need to change in order for the report to only show permissions on the specified folder or are additional custom report updates needed?

    Thanks,
    Dan
  • over 6 years ago
    Hi Daniel,

    Kindly find the updated version of the report: www.quest.com/.../211. There was a minor correction required.

    Thanks
    Naureen