How to Detect Excessive Permissions for User on Windows File Servers


Native Auditing vs. Netwrix Auditor for Windows File Servers

Native Auditing

Steps
  1. We need to know which folder(s) the user "Suspicious" has access to. Run the following script in PowerShell, filling in the "File Share Path" and ".csv File Name and Path" parameters.
    # Replace "File Share Path" after dir with the share to scan; the second "File Share Path" is only the CSV column title.
    # IdentityReference is reported as DOMAIN\name, so the leading * lets the bare name match.
    dir "File Share Path" -Recurse | where { $_.PsIsContainer } | % { $path1 = $_.FullName; Get-Acl $_.FullName | % { $_.Access | where { $_.IdentityReference -like "*Suspicious" } | Add-Member -MemberType NoteProperty -Name "File Share Path" -Value $path1 -PassThru }} | Export-Csv ".csv File Name and Path" -NoTypeInformation
  2. Open the created .csv file in Microsoft Excel and check which folders the user "Suspicious" has access to.
  3. To find out another user's or group's permissions, type that name in place of the word "Suspicious" in the script.

Netwrix Auditor for Windows File Servers

  1. Run Netwrix Auditor → Reports → File Servers → File Servers State-in-Time → Object Permissions by User → View → Define File Share and User Account or Group → View Report.

Detect Employees with Direct Permissions to Your File Shares to Optimize Access Control and Lock Down Overexposed Data

External attacks are not the only cause of security breaches. Practices such as granting permissions to the “Everyone” group or assigning permissions directly instead of through group membership can enable users to access data they shouldn’t be able to access, possibly including sensitive data. Users with excessive permissions can copy, distribute, modify or delete files, which can lead to data loss, data exfiltration, and more. To reduce these risks, IT pros should review permissions granted to the "Everyone" group, as well as all permissions that were granted directly, on a regular basis.
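
The one-liner in the steps matches only access entries that name the account itself, so access obtained through a group or through "Everyone" never appears in its output. The PowerShell function below is an added example, not Netwrix's or the page's own code; it assumes a domain-joined machine where the user's UPN can be resolved, and `Get-UserAccessPath`, `$SharePath` and `$UserUpn` are hypothetical names.

```powershell
# Added example. $SharePath and $UserUpn are placeholders supplied by the caller.
function Get-UserAccessPath {
    param(
        [Parameter(Mandatory)] [string] $SharePath,  # root folder or UNC path to scan
        [Parameter(Mandatory)] [string] $UserUpn     # user principal name, e.g. name@domain
    )

    # Build the user's token via S4U to get every group SID, nested groups included.
    $identity  = [System.Security.Principal.WindowsIdentity]::new($UserUpn)
    $userSid   = $identity.User.Value
    $groupSids = @{}
    foreach ($g in $identity.Groups) { $groupSids[$g.Value] = $true }
    $identity.Dispose()

    $sidType = [System.Security.Principal.SecurityIdentifier]
    $ntType  = [System.Security.Principal.NTAccount]

    # Scan the root folder itself plus every subfolder.
    $folders = @(Get-Item -LiteralPath $SharePath) +
               @(Get-ChildItem -LiteralPath $SharePath -Directory -Recurse -ErrorAction SilentlyContinue)

    foreach ($folder in $folders) {
        $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction SilentlyContinue
        if (-not $acl) { continue }   # folder not readable by the auditing account
        # Ask for SIDs so matching does not depend on name resolution or OS language.
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            $sid = $ace.IdentityReference.Value
            $via = if     ($sid -eq $userSid)            { 'Direct' }
                   elseif ($sid -eq 'S-1-1-0')           { 'Everyone' }
                   elseif ($groupSids.ContainsKey($sid)) { 'Group' }
                   else                                  { $null }
            if (-not $via) { continue }

            # Orphaned SIDs cannot be translated; fall back to the raw SID.
            try   { $name = $ace.IdentityReference.Translate($ntType).Value }
            catch { $name = $sid }

            [pscustomobject]@{
                Folder      = $folder.FullName
                GrantedVia  = $via
                Identity    = $name
                Rights      = $ace.FileSystemRights
                Type        = $ace.AccessControlType
                IsInherited = $ace.IsInherited
            }
        }
    }
}
```

Rows where GrantedVia is Direct or Everyone are the entries the review described above targets; IsInherited shows whether the entry was set on that folder or on a parent.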

Netwrix Auditor for Windows File Servers delivers complete visibility into user activity and who has access to what across your Windows-based file servers, so IT pros can detect overexposed data and eliminate excessive permissions. State-in-time reports provide actionable details about who has access to which files and show whether the access permissions were granted directly or via group membership. With this insight, IT pros can remove excessive permissions and thereby reduce the risk of data leaks.

 
