How to Detect Users Who Have Direct Permissions on Your File Servers
- Open the PowerShell ISE on your file server → Create a new script with the following code:
```powershell
$search_folder = "\\share\path\"
$out_file = "C:\temp\directpermissionsexport.csv"
$out_error = "C:\temp\errors.csv"

# Enumerate every file and folder below the share
$items = Get-ChildItem -Path $search_folder -Recurse
$found = @()
$errors = @()

ForEach ($item in $items) {
    try {
        # -LiteralPath keeps names containing [ or ] from being treated as wildcards
        $acl = Get-Acl -LiteralPath $item.FullName
        ForEach ($entry in $acl.Access) {
            # Keep only explicit (non-inherited) entries
            If (!$entry.IsInherited) {
                $found += New-Object -TypeName PSObject -Property @{
                    Folder      = $item.FullName
                    Access      = $entry.FileSystemRights
                    Control     = $entry.AccessControlType
                    User        = $entry.IdentityReference
                    Inheritance = $entry.IsInherited
                }
            }
        }
    } catch {
        # Record items whose ACL could not be read
        $errors += New-Object -TypeName PSObject -Property @{
            Item  = $item.FullName
            Error = $_.Exception
        }
    }
}

$found |
    Select-Object -Property Folder,User,Control,Access,Inheritance |
    Export-Csv -NoTypeInformation -Path $out_file
$errors |
    Export-Csv -NoTypeInformation -Path $out_error
```
- Specify the parameters below and run the script:
- $search_folder: enter a path to a shared folder you want to inspect for direct permissions
- $out_file: enter a path to a file with results
- $out_error: enter a path to an error log file
- Open the file produced by the script in MS Excel.
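
The export lists every explicit (non-inherited) entry, so groups, built-in principals and unresolved SIDs appear alongside user accounts. The following is an added example, not part of the original script, that triages the CSV per identity instead of in Excel; the function name `Get-DirectAceSummary`, the `CORP` accounts and the sample rows are constructed for illustration.

```powershell
# Constructed sample rows in the column layout the script above exports.
$sampleCsv = @'
"Folder","User","Control","Access","Inheritance"
"\\share\path\Finance","CORP\jsmith","Allow","FullControl","False"
"\\share\path\Finance","CORP\Finance-RW","Allow","Modify, Synchronize","False"
"\\share\path\HR","CORP\jsmith","Allow","ReadAndExecute, Synchronize","False"
"\\share\path\HR","S-1-5-21-1111111111-2222222222-3333333333-1604","Allow","Modify, Synchronize","False"
"\\share\path\HR","BUILTIN\Administrators","Allow","FullControl","False"
"\\share\path\Legal","CORP\akhan","Deny","Write","False"
'@

# Hypothetical helper: one summary row per identity that holds explicit entries.
function Get-DirectAceSummary {
    param([Parameter(Mandatory)][object[]]$Rows)

    # Well-known principals found on most ACLs; matched by prefix or exact name.
    $builtin = '^(BUILTIN\\|NT AUTHORITY\\|NT SERVICE\\|CREATOR OWNER$)'

    $Rows |
        Where-Object { $_.User -notmatch $builtin } |
        Group-Object -Property User |
        ForEach-Object {
            $aces = $_.Group
            [PSCustomObject]@{
                Identity   = $_.Name
                # A raw domain SID means the name could not be resolved (for example, a deleted account).
                Orphaned   = $_.Name -match '^S-1-5-21-'
                Folders    = @($aces.Folder | Sort-Object -Unique).Count
                HighRights = [bool]($aces | Where-Object { $_.Control -eq 'Allow' -and $_.Access -match 'FullControl|Modify' })
                HasDeny    = [bool]($aces | Where-Object { $_.Control -eq 'Deny' })
            }
        } |
        Sort-Object -Property @{ Expression = 'HighRights'; Descending = $true }, Identity
}

$rows = $sampleCsv | ConvertFrom-Csv
Get-DirectAceSummary -Rows $rows | Format-Table -AutoSize

# Against real output:
# Get-DirectAceSummary -Rows (Import-Csv 'C:\temp\directpermissionsexport.csv')
```

Whether a remaining identity is a user or a group still has to be checked against the directory; the CSV alone does not record the account type.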

- Run Netwrix Auditor → Navigate to “Reports” → Expand the “File Servers” section → Go to “File Servers - State-in-Time” → Select “Folder Permissions” → Click “View” → Set the “Expand Group Membership” filter to “No” → Click “View Report”.
- To save the report, click the “Export” button → Choose a format from the dropdown menu → Click “Save”.

How to Detect All File Server Users Who Have Directly Assigned File Permissions
Best practices recommend assigning permissions through group membership rather than directly. This approach helps you ensure that users have only the file server permissions they need to do their jobs, and thereby minimize the risk of exfiltration of sensitive data from your file servers. By determining how permissions are assigned to any user and identifying users with directly granted Windows file server permissions, you can quickly remove inappropriate access and thereby strengthen your IT system and data security.
Netwrix Auditor for Windows File Servers delivers complete visibility into your Windows Server files, including permissions. State-in-time reports that clearly identify who has access to what are just the beginning. File analysis technology also helps you stay aware of all changes to Windows Server file permissions; determine effective permissions by user and by object across multiple file servers and shares; and understand whether those file permissions were assigned directly or via group membership.