A Quick and Dirty Method for Auditing Permissions by Keyword with Powershell

Auditing NTFS permissions in Windows is not a fun task, especially in environments that may have a lot of broken inheritance deeper in the file structure.

In such scenarios, PowerShell can be a powerful tool to help spot-check permissions, given certain keywords.

The script below is run from the Windows Server sharing the files. It is currently set up to list folders with HR or Accounting anywhere in the path.

#set the path you're evaluating
$rootdir = "C:\TEST"

#locate all folders matching certain keywords, ignoring certain system users
#note: -and binds tighter than -or, so the two keyword tests must be grouped in their own
#parentheses, otherwise the identity filters only apply to the Accounting branch
$filteredfolders = Get-ChildItem $rootdir -Directory -Recurse | Get-Acl | Select-Object Path -ExpandProperty Access |
Where-Object { (($_.Path -like '*HR*') -or ($_.Path -like '*Accounting*')) -and ($_.IdentityReference -ne "NT AUTHORITY\SYSTEM") -and ($_.IdentityReference -ne "NT AUTHORITY\Authenticated Users") }

#cleanup file path: strip the "Microsoft.PowerShell.Core\FileSystem::" provider prefix
foreach($folder in $filteredfolders){
$shortpath = $folder.Path -creplace '^[^:]*::', ''
$folder.Path = $shortpath
}

#output csv to rootdir
$filteredfolders | Select-Object Path, IdentityReference, FileSystemRights, AccessControlType, IsInherited | Export-Csv "$rootdir\FolderPerms.csv" -NoTypeInformation

Let’s test on a folder containing the following contents:

[image: dir.png, listing of the test folder]

Let’s look at the output:

[image: output.png, the resulting FolderPerms.csv]

So great, we have some permissions simply listed. But it’s not a perfect list… it picked up HRE when filtering for HR in the folder name. On the other hand, it’s pretty good for a quick and dirty look at the file system to spot issues of significant concern.
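To avoid the HRE false positive, the keyword can be matched as a whole path segment rather than a substring. The following is an added example, not the original post's script; it assumes the same $rootdir, a $keywords list and the FolderPerms.csv output name, and it additionally flags explicit (non-inherited) entries, which are the ones that indicate broken inheritance.

```powershell
# Added example: audit ACEs on folders whose path contains a keyword as a whole segment,
# so 'HR' matches '\HR\' but not '\HRE\'. $rootdir, $keywords and the CSV name are assumptions.
$rootdir  = 'C:\TEST'
$keywords = @('HR', 'Accounting')

# One case-insensitive regex: (^|\\) and (\\|$) anchor the keyword to a full path segment
$escaped        = $keywords | ForEach-Object { [regex]::Escape($_) }
$segmentPattern = '(?i)(^|\\)(' + ($escaped -join '|') + ')(\\|$)'

# Principals that are expected on every folder and not worth reviewing
$ignoredIdentities = @('NT AUTHORITY\SYSTEM', 'NT AUTHORITY\Authenticated Users')

$results = Get-ChildItem -LiteralPath $rootdir -Directory -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.FullName -match $segmentPattern } |
    ForEach-Object {
        $folder = $_.FullName
        # One output row per access control entry on the matching folder
        (Get-Acl -LiteralPath $folder).Access |
            Where-Object { $ignoredIdentities -notcontains $_.IdentityReference.Value } |
            ForEach-Object {
                # Explicit entries are where inheritance was broken; review these first
                $priority = if ($_.IsInherited) { 'Inherited' } else { 'Explicit' }
                [pscustomobject]@{
                    Path              = $folder
                    IdentityReference = $_.IdentityReference.Value
                    FileSystemRights  = $_.FileSystemRights
                    AccessControlType = $_.AccessControlType
                    IsInherited       = $_.IsInherited
                    ReviewPriority    = $priority
                }
            }
    }

# Full result to CSV, explicit entries sorted to the top
$results | Sort-Object ReviewPriority, Path |
    Export-Csv -Path (Join-Path $rootdir 'FolderPerms.csv') -NoTypeInformation

# Quick on-screen view of the explicit entries only
$results | Where-Object { -not $_.IsInherited } |
    Format-Table Path, IdentityReference, FileSystemRights, AccessControlType -AutoSize
```

Because the match is on the full path, a keyword folder's subfolders are still included, which is usually what you want when checking whether inheritance was broken somewhere below the sensitive folder.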
