How to Get an NTFS Permissions Report

Native Auditing vs. Netwrix Auditor for Windows File Servers

Native Auditing Netwrix Auditor for Windows File Servers
  1. Open Powershell ISE.
  2. Run the following script adjusting “OutFile” and “RootPath” fields:

    $OutFile = "C:\temp\Permissions1.csv" # Insert folder path where you want to save your file and its name
    $Header = "Folder Path,IdentityReference,AccessControlType,IsInherited,InheritanceFlags,PropagationFlags"
    $FileExist = Test-Path $OutFile 
    If ($FileExist -eq $True) {Del $OutFile} 
    Add-Content -Value $Header -Path $OutFile 
    $RootPath = "\\server\share" # Insert your share path
    $Folders = dir $RootPath -recurse | where {$_.psiscontainer -eq $true} foreach ($Folder in $Folders){
        $ACLs = get-acl $Folder.fullname | ForEach-Object { $_.Access  }
        Foreach ($ACL in $ACLs){
        $OutInfo = $Folder.Fullname + "," + $ACL.IdentityReference  + "," + $ACL.AccessControlType + "," + $ACL.IsInherited + "," + $ACL.InheritanceFlags + "," + $ACL.PropagationFlags
        Add-Content -Value $OutInfo -Path $OutFile 

  3. Open the file produced by the script in MS Excel.

  1. Run Netwrix Auditor → Navigate to “Reports” → Open “File Servers” → Go to “File Servers – State-in-Time” → Select the “Folder Permissions” report.
  2. In the “Object UNC Path” filter, specify the path to your file share (for example, “\\Myserver\Myshare”).
  3. Click “View Report”.

To get the report via email regularly, simply click the "Subscribe" option and specify the schedule and recipients.Folder Permissions report: Account, Permissions and Means Granted

Audit Folder Permissions Using PowerShell or Netwrix Auditor

Auditing NTFS folder permissions is critical to data security. In an Active Directory and Windows Server environment, you can run a simple PowerShell script to get an NTFS permissions report for any share. The script provided above uses the Get-ACL cmdlet with the “recurse” option to dig down to subfolders and generate a report that lists all folders and their security permissions, whether assigned by group or directly.

But why bother spending all that time writing PowerShell commands and adjusting your scripts when you can get a folder permissions report for any shared folder right to your email with Netwrix Auditor? Take control over the access that users have to your organization’s directories and files, and easily change permissions if you find any incorrect ACL configurations.

Join the discussion