How to Stay on Top of Folder Permissions on a Certain Share

Native Auditing vs. Netwrix Auditor for Windows File Servers

Native Auditing

  1. Open PowerShell ISE.
  2. Create a new script with the following code (define the “$OutFile” and “$RootPath” variables):

    $OutFile = "C:\temp\Permissions1.csv" # Insert the folder path and file name for the output file
    $Header = "Folder Path,IdentityReference,AccessControlType,IsInherited,InheritanceFlags,PropagationFlags"
    $FileExist = Test-Path $OutFile
    If ($FileExist -eq $True) {Del $OutFile} # Remove the output of a previous run
    Add-Content -Value $Header -Path $OutFile
    $RootPath = "\\server\share" # Insert your share path
    # Collect every subfolder under the share
    $Folders = dir $RootPath -recurse | where {$_.psiscontainer -eq $true}
    foreach ($Folder in $Folders){
        # One CSV row per access control entry (ACE) on the folder
        $ACLs = get-acl $Folder.fullname | ForEach-Object { $_.Access }
        Foreach ($ACL in $ACLs){
            # Quote each field: flag values such as "ContainerInherit, ObjectInherit" contain commas
            $Fields = $Folder.Fullname, $ACL.IdentityReference, $ACL.AccessControlType, $ACL.IsInherited, $ACL.InheritanceFlags, $ACL.PropagationFlags
            $OutInfo = '"' + ($Fields -join '","') + '"'
            Add-Content -Value $OutInfo -Path $OutFile
        }
    }

  3. Run the script.
  4. Open the file produced by the script in MS Excel.

Netwrix Auditor for Windows File Servers

  1. Run Netwrix Auditor and navigate to Reports → File Servers → File Servers – State-in-Time → Select the “Object Permissions by Object” report → Click “View” → Define the following filters:
    • “Folder UNC Path:” – path to your file share (Example: “\\server\share”)
    • “Users Permissions Inheritance:” – set to “All”.
      Click “View Report”.
  2. Click the “Export” button → PDF → Click “Save As” → Select where you want to save the file and enter its name → Click “Save”.

Regularly Check Folder Permissions on a Certain Share to Lock Down Overexposed Data

Because many compliance regulations demand that only authorized users have access to sensitive data, IT administrators need to ensure proper file server structure on file shares that host critical data, and also stay abreast of who has access to what information on those file shares. By monitoring how permissions to this data are changing, they can ensure that employees don’t have access to files that they don’t need for their jobs. Reporting on folder permissions makes it easier for IT admins to spot users with unnecessary access, so they can restrict permissions to minimize the risk of a data breach. 
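One way to triage the CSV written by the native-auditing script earlier on this page, as an added example that is not part of the original article: it reports Allow entries granted to broad built-in groups and entries assigned directly rather than inherited. The sample rows, the `$BroadGroups` list and the `Get-PermissionFinding` function name are assumptions made for illustration.

```powershell
# Added example: triage a folder-permissions CSV for overexposed folders.
# Constructed sample rows in the same column layout as the export; replace
# the here-string with Import-Csv "C:\temp\Permissions1.csv" for a real run.
$SampleCsv = @'
"Folder Path","IdentityReference","AccessControlType","IsInherited","InheritanceFlags","PropagationFlags"
"\\server\share\HR","BUILTIN\Administrators","Allow","True","ContainerInherit, ObjectInherit","None"
"\\server\share\HR","Everyone","Allow","False","ContainerInherit, ObjectInherit","None"
"\\server\share\HR\Payroll","CONTOSO\jsmith","Allow","False","None","None"
"\\server\share\Public","NT AUTHORITY\Authenticated Users","Allow","True","ContainerInherit, ObjectInherit","None"
'@

# Assumption: identities treated as "broad"; adjust to your environment.
$BroadGroups = 'Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users'

function Get-PermissionFinding {
    param([Parameter(ValueFromPipeline)] $Entry)
    process {
        # Deny entries restrict access, so only Allow entries are reported.
        if ($Entry.AccessControlType -ne 'Allow') { return }
        $reasons = @()
        if ($BroadGroups -contains $Entry.IdentityReference) {
            $reasons += 'broad group'
        }
        # Import-Csv / ConvertFrom-Csv return every field as a string.
        if ($Entry.IsInherited -eq 'False') {
            $reasons += 'assigned directly'
        }
        if ($reasons.Count -gt 0) {
            [PSCustomObject]@{
                Folder   = $Entry.'Folder Path'
                Identity = $Entry.IdentityReference
                Reason   = $reasons -join '; '
            }
        }
    }
}

# List the findings grouped by folder for review.
$SampleCsv | ConvertFrom-Csv | Get-PermissionFinding |
    Sort-Object Folder, Identity | Format-Table -AutoSize
```

Directly assigned entries are not wrong in themselves; they are the ones to review first because they bypass the permissions set higher in the folder tree.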

Netwrix Auditor for Windows File Servers delivers actionable intelligence about all changes made to files, folders, shares and permissions, and about successful and failed access attempts. On top of this, the solution offers a folder permission reporting tool that provides state-in-time file share permissions reports that make it easy to determine who has access to what files, folders and shares, and whether that access was assigned directly or inherited. With this data at your fingertips, you can improve your file server folder structure, secure your sensitive data, and ensure that users across your environment don’t have any permissions they shouldn’t have — thereby locking down your critical assets from being exposed and compromised. 
