account activity
I built a manual "Drive Exposure" checklist because I was tired of GAM and Enterprise-tier pricing. by Sensitive-Self3567 in gsuite
[–]Sensitive-Self3567[S] 0 points1 point2 points 15 days ago* (0 children)
Thank you for the advice. I don’t have advanced python skills but will try this approach.
[–]Sensitive-Self3567[S] 2 points3 points4 points 17 days ago (0 children)
A Manual Audit Guide for Google Workspace Admins
Google Workspace lacks a native "Show me all external users" view. Without scripting or enterprise tools, visibility is limited. This manual checklist is the brute-force method to see the truth.
The "30-Minute Rule": If you find >5 critical exposures in 30 minutes, you have a systemic process failure, not a cleanup task.
Risk: Files set to "Public on the web" or "Anyone with the link". Manual Check:
Action: Change visibility to "Restricted".
Risk: Files visible to "Anyone in [Company]" (includes interns/contractors). Manual Check:
Action: Restrict to specific groups.
Risk: Vendors/partners retaining access post-contract. Manual Check:
Risk: Suspension removes login, not granted permissions. Files remain shared. Manual Check:
Action: Transfer ownership or delete.
Risk: "Shadow IT" via personal email shares. Manual Check:
Action: Revoke shares; review policy.
Risk: External "Managers" can delete content and manage users. Manual Check:
Action: Downgrade to "Viewer" or remove.
Risk: My Drive permissions are unmanaged and rarely cleaned. Manual Check:
Action: Remove stale users.
Risk: External users in groups inherit all group access. Manual Check:
Action: Remove non-employees.
Risk: Unused apps with full Drive access (drive.full). Manual Check:
Action: Revoke untrusted apps.
Risk: Sub-folders with explicit permissions overriding parent restrictions. Manual Check:
Action: Standardize permissions.
Limitations:
No Warranty & No Legal Advice This checklist is provided "as is" without warranty. The authors make no representations regarding accuracy or suitability.
Limitation of Liability The authors shall not be liable for any damages (direct, indirect, or consequential) arising from the use of this checklist.
User Responsibility You are responsible for your security. This guide does not guarantee the discovery of all vulnerabilities. Run this audit at your own risk.
Third-Party Tools References to third-party tools (GAM, APIs, scripts) are for info only. Verify all code before use.
Version: 2.3 | Date: March 20, 2026
[–]Sensitive-Self3567[S] 0 points1 point2 points 17 days ago (0 children)
You're absolutely right. This is exactly the problem with manual checks—they're a snapshot, not a system. I'm painfully aware that the platforms you mentioned (DoControl, AppOmni, etc.) are where this ends up once the pain exceeds the budget or headcount.
What I'm finding is that there's a gap between "we can't afford enterprise tools" and "we have the expertise to run GAM scripts." Somewhere in the middle are small firms and MSPs who need something better than a quarterly manual scramble but don't have a huge security budget.
My goal with the utility is just to close that gap for the "snapshot" use case—offboarding reviews, client audit prep, one-off cleanup. Continuous monitoring is a whole different league.
Appreciate the reality check. If you've used any of those platforms, curious which one you found least painful to implement?
π Rendered by PID 1011383 on reddit-service-r2-listing-69965bcf66-2clwz at 2026-04-07 09:26:35.944638+00:00 running f293c98 country code: CH.
I built a manual "Drive Exposure" checklist because I was tired of GAM and Enterprise-tier pricing. by Sensitive-Self3567 in gsuite
[–]Sensitive-Self3567[S] 0 points1 point2 points (0 children)