Solved

Audit file share ACL

Posted on 2015-01-12
Last Modified: 2015-05-07
Hi All,

I have been asked to audit the file shares on our network.

Does anyone have a script/sample code I can run?

Last time I did it I used CACLS, which has been superseded by ICACLS.


Many thanks
D
0
Question by:detox1978
20 Comments
 
LVL 35

Expert Comment

by:Mahesh
ID: 40544831
When you say audit... do you want to enable auditing on the share folder
OR
do you want to record file share permissions \ audit entries \ ownership and so on?

Both concepts are totally different.

For the 1st concept, you need to enable the auditing GPO (Audit object access) on the OU containing the file server and later enable auditing on the actual share folder
http://blogs.technet.com/b/mspfe/archive/2013/08/27/auditing-file-access-on-file-servers.aspx

For the 2nd concept, you can use the Subinacl tool to record all permissions, including audit entries
http://blogs.technet.com/b/justinturner/archive/2009/02/26/quick-tip-back-up-your-ntfs-security-permissions.aspx
0
 
LVL 39

Expert Comment

by:footech
ID: 40544874
Even though cacls has been deprecated you can still use it.
The question becomes what do you need from the audit?
0
 
LVL 6

Expert Comment

by:Kiran Ch
ID: 40544879
Something like this would work for you?

get-childitem C:\test -recurse | where-object { $_.PSIScontainer }  | Get-Acl | Out-GridView
0
 
LVL 2

Author Comment

by:detox1978
ID: 40545362
Just to clarify, I'm looking to get a file of NTFS permissions.  Ideally filtering out the inherited.
0
 
LVL 2

Author Comment

by:detox1978
ID: 40545384
chkiran248, how do I output the results to a csv file?  Also, how can I get the full path?
0
 
LVL 39

Accepted Solution

by:
footech earned 168 total points
ID: 40548096
It's not quite clear what information you need exactly.  Files, folders, both?
Here's an example of just folders, where permissions are not inherited, exported to a .CSV file.
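# Folders only: keep the explicit (non-inherited) ACEs and export them to CSV
Get-ChildItem C:\ -Recurse | Where-Object { $_.PSIsContainer } | Get-Acl | ForEach-Object {
    # Turn the provider-qualified PSPath into a plain file-system path
    $fullpath = Convert-Path $_.PSPath
    # Drop inherited entries, then tag each remaining ACE with its folder path
    $_.Access | Where-Object { -not $_.IsInherited } |
        Select-Object @{n="Path";e={$fullpath}},AccessControlType,FileSystemRights,IdentityReference
} | Export-Csv permission-report.csv -NoTypeInformation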


0
 
LVL 2

Author Comment

by:detox1978
ID: 40548569
I'm looking to get a list of NTFS users/groups for all files and folders for a given path, e.g. d:\data

If possible (I don't mind doing it in Excel), I would only want to list the explicit access.  So ignore inherited.
0
 
LVL 2

Author Comment

by:detox1978
ID: 40548577
On second thoughts, I don't need the files ACL.

Any idea how to only get explicit ACL for folders?
0
 
LVL 35

Assisted Solution

by:Mahesh
Mahesh earned 166 total points
ID: 40548581
Subinacl actually reports all NTFS permissions to a text file with audit, owners excluding inheritance
Check the 1st comment

OR
Try NTFS Permissions Reporter free version
http://www.cjwdev.com/Software/NtfsReports/Info.html
The free edition will give the report in HTML format
0
 
LVL 2

Author Comment

by:detox1978
ID: 40548633
Mahesh, did you just google cjwdev.com, or have you used the application before?
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 40548669
You could have already googled it.
I have used the tool previously; it works nicely.
0
 
LVL 2

Author Comment

by:detox1978
ID: 40549124
The reason I ask is the website doesn't fill me with confidence.
0
 
LVL 39

Expert Comment

by:footech
ID: 40549229
Did you try the script I posted?  It appears to be exactly what you asked for.

Regarding cjwdev.com - I often see his tools recommended by a number of the top participating experts here, and as such I would trust the tools.  However, I haven't had a need to use any of the tools personally.
0
 
LVL 2

Author Comment

by:detox1978
ID: 40549560
It doesn't highlight inheritance
0
 
LVL 6

Assisted Solution

by:Kiran Ch
Kiran Ch earned 166 total points
ID: 40549715
It is not highlighting inheritance because it is filtering out the folders which have inheritance, and it will only give the ones which are not inherited.
Anyhow, you can also take a look at this; it has the last column for inheritance: http://poshcode.org/1721
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 40549780
The NTFS permissions reporter tool has an option to show \ hide inherited permissions during export \ output
0
 
LVL 39

Expert Comment

by:footech
ID: 40549986
Just wanted to clarify that it doesn't filter out the folders with inheritance, just the permissions on a folder which are inherited.
0
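An added example, not part of any post in this thread: a variant of the accepted script that keeps every folder ACE and records inheritance as columns instead of filtering it out, so the CSV shows which entries are explicit and which folders have inheritance blocked. The function name Get-FolderAclReport, the output file name and the use of d:\data from the question are assumptions for illustration; it needs PowerShell 3.0 or later.

```powershell
# Added example (not from the thread). Get-FolderAclReport is a hypothetical name.
function Get-FolderAclReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Root,
        [switch]$ExplicitOnly   # drop inherited ACEs, as the accepted script does
    )

    # The root folder itself, then every subfolder beneath it.
    $folders = @(Get-Item -LiteralPath $Root) +
               @(Get-ChildItem -LiteralPath $Root -Recurse |
                   Where-Object { $_.PSIsContainer })

    foreach ($folder in $folders) {
        try {
            $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop
        } catch {
            # An unreadable ACL is itself an audit finding: report it, don't skip it.
            [pscustomobject]@{
                Path = $folder.FullName; Owner = $null; InheritanceBlocked = $null
                IdentityReference = $null; AccessControlType = 'ERROR'
                FileSystemRights = $_.Exception.Message
                IsInherited = $null; InheritanceFlags = $null; PropagationFlags = $null
            }
            continue
        }

        $rules = $acl.Access
        if ($ExplicitOnly) { $rules = $rules | Where-Object { -not $_.IsInherited } }

        foreach ($ace in $rules) {
            [pscustomobject]@{
                Path               = $folder.FullName
                Owner              = $acl.Owner
                # True when the folder no longer inherits ACEs from its parent
                InheritanceBlocked = $acl.AreAccessRulesProtected
                IdentityReference  = $ace.IdentityReference
                AccessControlType  = $ace.AccessControlType
                FileSystemRights   = $ace.FileSystemRights
                IsInherited        = $ace.IsInherited
                InheritanceFlags   = $ace.InheritanceFlags
                PropagationFlags   = $ace.PropagationFlags
            }
        }
    }
}

Get-FolderAclReport -Root 'D:\data' |
    Export-Csv -Path folder-acl-report.csv -NoTypeInformation
```

Filtering the CSV on IsInherited = False gives the explicit entries only, and InheritanceBlocked = True marks folders whose permissions have diverged from the parent.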
 
LVL 2

Author Comment

by:detox1978
ID: 40550125
Ok I will check it again
0
