How to Detect Who Has Access to What Data on Windows File Servers 


Native Auditing vs. Netwrix Auditor for Windows File Servers

Native Auditing Netwrix Auditor for Windows File Servers
Steps

 

  1. Open Powershell ISE and create new script with the following code (define path on the file server and name of the user):

    dir -Recurse \\fs1\Shared | where { $_.PsIsContainer } | % { $path1 = $_.fullname; Get-Acl $_.Fullname | % { $_.access | where { $_.IdentityReference -like "ENTERPRISE\J.Carter" } | Add-Member -MemberType NoteProperty   '.\Application Data' -Value $path1 -passthru }} | Export-Csv "C:\temp\AccountPermissions.csv"

  2. Run the script.
  3. Open the file produced by the script in MS Excel.

Report Sample:

  1. Run Netwrix Audor → Click "Reports" → Navigate to File Servers → Choose "File Servers State-in-Time" → Select "Account Permissions"→ Click "View".
  2. To save the file, click the "Export" button → Select PDF format → Save as → Choose a location to save it. 

Report sample:

How to Detect Who Has Access to What Data on Windows File Servers 

Although security breaches can originate from external attacks, they can also stem from insider activity. If users are granted excessive permissions that enable them to access, copy, distribute, modify or delete files on file servers, it can lead to disruption of critical business processes, exposure of sensitive data or even a full-scale data breach.

Join the discussion