Auditing NTFS permissions in Windows is not a fun task, especially in environments that may have a lot of broken inheritance deeper in the file structure.
In such scenarios, PowerShell can be a powerful tool to help spot-check permissions, given certain keywords.
The script below would be run from the Windows Server sharing the files. It’s currently set up to list folders with HR or Accounting in the folder path.
```powershell
# Set the path you're evaluating
$rootdir = "C:\TEST"

# Locate all folders matching certain keywords, ignoring certain system users
$filteredfolders = Get-ChildItem $rootdir -Directory -Recurse |
    Get-Acl |
    Select-Object Path -ExpandProperty Access |
    Where-Object {
        (($_.Path -like '*HR*') -or ($_.Path -like '*Accounting*')) -and
        ($_.IdentityReference -ne "NT AUTHORITY\SYSTEM") -and
        ($_.IdentityReference -ne "NT AUTHORITY\Authenticated Users")
    }

# Clean up the file path (strip the provider prefix that Get-Acl puts in front of it)
foreach ($folder in $filteredfolders) {
    $shortpath = $folder.Path -creplace '^[^::]*::', ''
    $folder.Path = $shortpath
}

# Output CSV to rootdir
$filteredfolders |
    Select-Object Path, IdentityReference, FileSystemRights, AccessControlType, IsInherited |
    Export-Csv $rootdir\FolderPerms.csv
```
Let’s test on a folder containing the following contents:
Let’s look at the output:
So great, we have some permissions simply listed. But it’s not a perfect list…it picked up HRE when filtering for HR in the folder name. On the other hand, it’s pretty good for a quick and dirty look at the file system to spot issues of significant concern.
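
The HRE false positive comes from the `*HR*` wildcard, which matches the letters anywhere in the path. As an added example (not the original author's script), the variant below matches each keyword only as a whole word in the path and adds a column showing whether a folder blocks inheritance. The output file name, the `$keywords`/`$ignored` variables and the choice of letters and digits as "word" characters are assumptions made for illustration.

```powershell
# Added example: whole-word keyword matching plus a broken-inheritance flag.
# $rootdir and the keywords follow the post; all other names are hypothetical.
$rootdir  = "C:\TEST"
$keywords = @("HR", "Accounting")
$ignored  = @("NT AUTHORITY\SYSTEM", "NT AUTHORITY\Authenticated Users")

# Match a keyword only when it is not glued to another letter or digit,
# so "HR", "HR Files" and "HR_2024" match but "HRE" and "Christmas" do not.
# -match is case-insensitive, like the -like filter in the original script.
$alternation = ($keywords | ForEach-Object { [regex]::Escape($_) }) -join '|'
$pattern     = "(?<![A-Za-z0-9])($alternation)(?![A-Za-z0-9])"

# Collect folders, remembering any that could not be enumerated (access denied, etc.)
$folders = Get-ChildItem -LiteralPath $rootdir -Directory -Recurse `
               -ErrorAction SilentlyContinue -ErrorVariable skipped |
           Where-Object { $_.FullName -match $pattern }

$report = foreach ($folder in $folders) {
    $acl = Get-Acl -LiteralPath $folder.FullName
    $acl.Access |
        Where-Object { $ignored -notcontains $_.IdentityReference.Value } |
        Select-Object @{ Name = 'Path';               Expression = { $folder.FullName } },
                      @{ Name = 'InheritanceBlocked'; Expression = { $acl.AreAccessRulesProtected } },
                      IdentityReference, FileSystemRights, AccessControlType, IsInherited
}

# Explicit (non-inherited) entries sort first: those are the ones set directly on a folder
$report |
    Sort-Object IsInherited, Path |
    Export-Csv -Path (Join-Path $rootdir 'FolderPerms-WholeWord.csv') -NoTypeInformation

# A folder the audit account cannot read is itself a finding, so report the gaps
if ($skipped.Count -gt 0) {
    Write-Warning "$($skipped.Count) folder(s) could not be read and are missing from the report."
}
```

Rows where `InheritanceBlocked` is True mark folders that no longer take permissions from their parent, which is where access tends to drift from what the share owner expects.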