How to Detect Who Has Direct Permissions to Your File Shares
Native Auditing vs. Netwrix Auditor for Windows File Servers
Native Auditing
Netwrix Auditor for Windows File Servers
Steps
- Open PowerShell ISE on your file server.
- Type in the following PowerShell script:
$search_folder = "\\share\path\"
$out_file = "C:\temp\directpermissionsexport.csv"
$out_error = "C:\temp\errors.csv"
$items = Get-ChildItem -Path $search_folder -recurse
$found = @()
$errors = @()
ForEach ($item in $items) {
try {
$acl = Get-Acl $item.fullname
ForEach ($entry in $acl.access) {
If (!$entry.IsInherited) {
$found += New-Object -TypeName PSObject -Property @{
Folder = $item.fullname
Access = $entry.FileSystemRights
Control = $entry.AccessControlType
User = $entry.IdentityReference
Inheritance = $entry.IsInherited
}
}
}
} catch {
$errors += New-Object -TypeName PSObject -Property @{
Item = $item.fullname
Error = $_.exception
}
}
}
$found |
Select-Object -Property Folder,User,Control,Access,Inheritance |
Export-Csv -NoTypeInformation -Path $out_file
$errors |
Export-Csv -NoTypeInformation -Path $out_err - Specify the following parameters:
- $search_folder: enter a path to a shared folder you want to inspect for direct permissions
- $out_file: enter a path to a file with results
- $out_error: enter a path to an error log file.
- Run the script.
- Open a generated .csv file produced by the script in Microsoft Excel. After that you will see what users have direct permissions to files and folders in the specified file share.
- Run Netwrix Auditor → Navigate to Reports → File Servers → File Servers - State-in-Time → Select "Object Permissions by Object" → Click "View".
- Specify the following filters:
- Object UNC Path
- Including Subfolders to Yes
- Object Type to Folders and Files
- Expand Group Membership to No
- Permissions Type to Basic
- Objects with Inherited Permissions to Hide
- Click "View Report". After that you will see what users have direct permissions to files and folders in the specified file share.
Detect the Employees with Direct Permissions to Your File Shares to Optimize Access Control and Lock Down Overexposed Data
Best practices recommend assigning permissions through group membership rather than directly. This approach helps you ensure employees have only the permissions they need to do their jobs, and thereby minimize the risk of exfiltration of sensitive data and the reach of any malware a user might inadvertently install. It also makes it easier to discover and lock down overexposed data before a breach happens. By detecting direct permissions to file shares, IT administrators can quickly remove inappropriate access and thereby strengthen IT system and data security.
Netwrix Auditor for Windows File Servers delivers complete visibility into all file activity and user behavior on your files, folders and shares. Its file analysis technology enables IT administrators to stay aware of file changes, access events and permissions by detailing who has access to what; the effective permissions by user and by object across multiple file servers and shares; and whether those permissions were assigned directly or via group membership. With this insight at hand, IT pros can make better access governance decisions and limit unnecessary access to data.
Spice Heads love Netwrix:
