Solved

Audit file share ACL

Posted on 2015-01-12
Last Modified: 2015-05-07
Hi All,

I have been asked to audit the file shares on our network.

Does anyone have a script/sample code I can run?

Last time I did it I used CACLS, which has been superseded by ICACLS.


Many thanks
D
Question by:detox1978
20 Comments
 
LVL 35

Expert Comment

by:Mahesh
ID: 40544831
When you say audit... do you want to enable auditing on share folder
OR
You want to record file share permissions \ audit entries \ ownership and so on?

Both concepts are totally different

For 1st concept, you need to enable auditing GPO (Audit object access) on OU containing file server and later need to enable auditing on actual share folder
http://blogs.technet.com/b/mspfe/archive/2013/08/27/auditing-file-access-on-file-servers.aspx

For 2nd concept you can use Subinacl tool to record all permissions including audit entries
http://blogs.technet.com/b/justinturner/archive/2009/02/26/quick-tip-back-up-your-ntfs-security-permissions.aspx
0
 
LVL 39

Expert Comment

by:footech
ID: 40544874
Even though cacls has been deprecated you can still use it.
The question becomes what do you need from the audit?
0
 
LVL 6

Expert Comment

by:Kiran Ch
ID: 40544879
Something like this would work for you?

get-childitem C:\test -recurse | where-object { $_.PSIScontainer }  | Get-Acl | Out-GridView
0
 
LVL 2

Author Comment

by:detox1978
ID: 40545362
Just to clarify, I'm looking to get a file of NTFS permissions.  Ideally filtering out the inherited.
0
 
LVL 2

Author Comment

by:detox1978
ID: 40545384
chkiran248, how do I output the results to a CSV file?  Also, how can I get the full path?
0
 
LVL 39

Accepted Solution

by:
footech earned 168 total points
ID: 40548096
It's not quite clear what information you need exactly.  Files, folders, both?
Here's an example of just folders, where permissions are not inherited, exported to a .CSV file.
Get-ChildItem C:\ -recurse | Where { $_.PSIScontainer }  | Get-Acl | ForEach `
{
    $fullpath = Convert-Path $_.pspath
    $_.Access | ? { -not $_.IsInherited } | Select @{n="Path";e={$fullpath}},AccessControlType,FileSystemRights,IdentityReference
} | Export-CSV permission-report.csv -notype


0
 
LVL 2

Author Comment

by:detox1978
ID: 40548569
I'm looking to get a list of NTFS users/groups for all files and folders for a given path, e.g. d:\data

If possible (I don't mind doing it in Excel), I would only want to list the explicit access.  So ignore inherited.
0
 
LVL 2

Author Comment

by:detox1978
ID: 40548577
On second thoughts, I don't need the files' ACL.

Any idea how to only get explicit ACL for folders?
0
 
LVL 35

Assisted Solution

by:Mahesh
Mahesh earned 166 total points
ID: 40548581
Subinacl actually reports all NTFS permissions to a text file with audit, owners, excluding inheritance
Check the 1st comment

OR
Try NTFS Permissions Reporter free version
http://www.cjwdev.com/Software/NtfsReports/Info.html
The free edition will give the report in HTML format
0

 
LVL 2

Author Comment

by:detox1978
ID: 40548633
Mahesh, did you just google cjwdev.com, or have you used the application before?
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 40548669
You could have already googled it.
I have used the tool previously; it works nicely
0
 
LVL 2

Author Comment

by:detox1978
ID: 40549124
The reason I ask is the website doesn't fill me with confidence.
0
 
LVL 39

Expert Comment

by:footech
ID: 40549229
Did you try the script I posted?  It appears to be exactly what you asked for.

Regarding cjwdev.com - I often see his tools recommended by a number of the top participating experts here, and as such I would trust the tools.  However, I haven't had a need to use any of the tools personally.
0
 
LVL 2

Author Comment

by:detox1978
ID: 40549560
It doesn't highlight inheritance
0
 
LVL 6

Assisted Solution

by:Kiran Ch
Kiran Ch earned 166 total points
ID: 40549715
It is not highlighting inheritance because it is filtering out the folders which have inheritance, and it will only give the ones which are not inherited.
Anyhow, you can also take a look at this; it has a last column for inheritance: http://poshcode.org/1721
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 40549780
The NTFS Permissions Reporter tool has an option to show \ hide inherited permissions during export \ output
0
 
LVL 39

Expert Comment

by:footech
ID: 40549986
Just wanted to clarify that it doesn't filter out the folders with inheritance, just the permissions on a folder which are inherited.
0
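An added example, not code posted by anyone in this thread: a folder-only report of explicit ACEs that also records whether inheritance is disabled on each folder, which is the distinction discussed in the comments above. The default root `D:\data` is the path mentioned in the question; the output file name and column names are assumptions made for this example.

```powershell
# Added example: explicit (non-inherited) ACEs on folders, one CSV row per ACE.
# $Root and $OutFile defaults are placeholders chosen for this example.
param(
    [string]$Root    = 'D:\data',
    [string]$OutFile = 'folder-acl-report.csv'
)

# Include the root folder itself, then every subfolder (-Directory needs PowerShell 3.0+).
$folders = @(Get-Item -LiteralPath $Root) +
           @(Get-ChildItem -LiteralPath $Root -Recurse -Directory -ErrorAction SilentlyContinue)

$report = foreach ($folder in $folders) {
    try {
        $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop
    }
    catch {
        # Record folders the auditing account cannot read instead of dropping them silently.
        [pscustomobject]@{
            Path = $folder.FullName; Owner = $null; InheritanceDisabled = $null
            IdentityReference = $null; AccessControlType = 'ERROR'
            FileSystemRights = $_.Exception.Message
            InheritanceFlags = $null; PropagationFlags = $null
        }
        continue
    }

    # Keep only ACEs set directly on this folder; inherited ACEs are filtered out,
    # but the folder still appears if it has at least one explicit ACE.
    foreach ($ace in $acl.Access | Where-Object { -not $_.IsInherited }) {
        [pscustomobject]@{
            Path                = $folder.FullName
            Owner               = $acl.Owner
            InheritanceDisabled = $acl.AreAccessRulesProtected  # True = inheritance blocked here
            IdentityReference   = $ace.IdentityReference
            AccessControlType   = $ace.AccessControlType
            FileSystemRights    = $ace.FileSystemRights
            InheritanceFlags    = $ace.InheritanceFlags         # how the ACE flows to children
            PropagationFlags    = $ace.PropagationFlags
        }
    }
}

$report | Export-Csv -Path $OutFile -NoTypeInformation
```

Rows with `AccessControlType` set to `ERROR` mark folders whose ACL could not be read, so gaps in the audit are visible in the same file.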
 
LVL 2

Author Comment

by:detox1978
ID: 40550125
Ok I will check it again
0


Question has a verified solution.
