How to Get an NTFS Permissions Report


We care about security of your data. Privacy Policy
Native Auditing Netwrix Auditor for Windows File Servers
Steps
  1. Open the Powershell ISE.
  2. Run the following script, adjusting the “OutFile” and “RootPath” fields:

$OutFile = "C:\Temp\Permissions.csv" # Insert folder path where you want to save your file and its name 
$RootPath = "\\Pdc\Shared" # Insert your share directory path 
$Header = "Folder Path,IdentityReference,AccessControlType,IsInherited,InheritanceFlags,PropagationFlags" 
# $Header = "Folder Path,IdentityReference,AccessControlType,IsInherited,InheritanceFlags,PropagationFlags,FilesystemRights" 
$FileExist = Test-Path $OutFile  
If ($FileExist -eq $True) {Del $OutFile}  
Add-Content -Value $Header -Path $OutFile  
$Folders = dir $RootPath -recurse | where {$_.psiscontainer -eq $True}  
foreach ($Folder in $Folders){ 
   $ACLs = get-acl $Folder.fullname | ForEach-Object { $_.Access  } 
   Foreach ($ACL in $ACLs){ 
   $OutInfo = $Folder.Fullname + "," + $ACL.IdentityReference  + "," + $ACL.AccessControlType + "," + $ACL.IsInherited + "," + $ACL.InheritanceFlags + "," + $ACL.PropagationFlags  
#  If you need detailed file system rights in your report, add the following at the end of previous line:  
# + "," + ($ACL.FileSystemRights -replace ',','/' ) 
   Add-Content -Value $OutInfo -Path $OutFile  
   }}

  1. Open the file produced by the script in Microsoft Excel:
How to Get an NTFS Permissions Report screen 1
  1. Run Netwrix Auditor → Navigate to “Reports” → Open “File Servers” → Go to “File Servers – State-in-Time” → Select the “Folder Permissions” report.
  2. In the “Object UNC Path” filter, specify the path to your file share (for example, “\\Myserver\Myshare”).
  3. Click “View Report”.

To get the report via email regularly, simply click the "Subscribe" option and specify the schedule and recipients.

Folder Permissions report: Account, Permissions and Means Granted

Audit Folder Permissions using PowerShell or Netwrix Auditor

Auditing NTFS folder permissions is critical to data security. In a Microsoft Active Directory and Windows Server environment, you can get an NTFS permissions report for any share using a PowerShell script. The script provided above uses the Get-ACL cmdlet with the “recurse” option to dig down to subfolders and generate a report that lists all folders and their security permissions, whether assigned by group or directly.

But why bother spending all that time writing, maintaining and running PowerShell scripts when you can get a folder permissions report for any shared folder in a couple of clicks with Netwrix Auditor? Take control over the access that users have to your organization’s directories and files, and easily spot incorrect ACL configurations.