How to Detect Users Who Have Direct Permissions on Your File Servers

Native Auditing vs. Netwrix Auditor for Windows File Servers

Download Netwrix Auditor for Windows File Servers

Native Auditing Netwrix Auditor for Windows File Servers

Native Auditing

Netwrix Auditor for Windows File Servers

Steps

Open PowerShell ISE on your file server.
Type in the following PowerShell script:
$search_folder = "\\share\path\"
$out_file = "C:\temp\directpermissionsexport.csv"
$out_error = "C:\temp\errors.csv"

$items = Get-ChildItem -Path $search_folder -recurse

$found = @()
$errors = @()

ForEach ($item in $items) {

  try {
    $acl = Get-Acl $item.fullname

    ForEach ($entry in $acl.access) {
      If (!$entry.IsInherited) {
        $found += New-Object -TypeName PSObject -Property @{
          Folder = $item.fullname
          Access = $entry.FileSystemRights
          Control = $entry.AccessControlType
          User = $entry.IdentityReference
          Inheritance = $entry.IsInherited

        }
      }
    }
  } catch {

    $errors += New-Object -TypeName PSObject -Property @{
      Item = $item.fullname
      Error = $_.exception
    }

  }
}

$found |
Select-Object -Property Folder,User,Control,Access,Inheritance |
Export-Csv -NoTypeInformation -Path $out_file

$errors |
Export-Csv -NoTypeInformation -Path $out_err
Specify the following parameters:
- $search_folder: enter a path to a shared folder you want to inspect for direct permissions
- $out_file: enter a path to a file with results
- $out_error: enter a path to an error log file.
Run the script.
Open a generated .csv file produced by the script in Microsoft Excel. After that you will see what users have direct permissions to files and folders in the specified file share.

Run Netwrix Auditor → Navigate to Reports → File Servers → File Servers - State-in-Time → Select "Object Permissions by Object" → Click "View".
Specify the following filters:
- Object UNC Path
- Including Subfolders to Yes
- Object Type to Folders and Files
- Expand Group Membership to No
- Permissions Type to Basic
- Objects with Inherited Permissions to Hide
Click "View Report". After that you will see what users have direct permissions to files and folders in the specified file share.

How to Detect All File Server Users Who Have Directly Assigned File Permissions

Best practices recommend assigning permissions through group membership rather than directly. This approach helps you ensure that users have only the file server permissions they need to do their jobs, and thereby minimize the risk of exfiltration of sensitive data from your file servers. By determining how permissions are assigned to any user and identifying users with directly - granted Windows file server permissions, you can quickly remove inappropriate access and thereby strengthen your IT system and data security.

Netwrix Auditor for Windows File Servers delivers complete visibility into your Windows Server files, including permissions. State-in-time reports that clearly identify who has access to what are just the beginning. File analysis technology also helps you stay aware of all changes to Windows Server file permissions; determine effective permissions by user and by object across multiple file servers and shares; and understand whether those file permissions were assigned directly or via group membership.

Previous How-to

How to Enable Video Recording of Changes in Your Windows Server

Next How-to

How to Detect SharePoint Permission Changes

Related How-tos

How to Detect File Changes in a Shared Folder

How to Detect Who Changed a File or Folder Owner

How to Detect Excessive Permissions for User on Windows File Servers

How to Detect Who Read a File on Windows File Servers

How to Detect Who Tried to Modify a File or a Folder on Your Windows File Server

How to Detect Who Deleted a File from Your Windows File Servers

Join the discussion