Solved

Audit file share ACL

Posted on 2015-01-12
Last Modified: 2015-05-07
Hi All,

I have been asked to audit the file shares on our network.

Does anyone have a script/sample code I can run?

Last time I did it I used CACLS, which has been superseded by ICACLS.


Many thanks
D
Question by:detox1978
20 Comments
 
LVL 37

Expert Comment

by:Mahesh
ID: 40544831
When you say audit... do you want to enable auditing on share folder
OR
You want to record file share permissions \ audit entries \ ownership and so on?

Both concepts are totally different

For 1st concept, you need to enable auditing GPO (Audit object access) on OU containing file server and later need to enable auditing on actual share folder
http://blogs.technet.com/b/mspfe/archive/2013/08/27/auditing-file-access-on-file-servers.aspx

For 2nd concept you can use Subinacl tool to record all permissions including audit entries
http://blogs.technet.com/b/justinturner/archive/2009/02/26/quick-tip-back-up-your-ntfs-security-permissions.aspx
0
 
LVL 40

Expert Comment

by:footech
ID: 40544874
Even though cacls has been deprecated you can still use it.
The question becomes what do you need from the audit?
0
 
LVL 6

Expert Comment

by:Kiran Ch
ID: 40544879
Something like this would work for you?

get-childitem C:\test -recurse | where-object { $_.PSIScontainer }  | Get-Acl | Out-GridView
0
 
LVL 2

Author Comment

by:detox1978
ID: 40545362
Just to clarify, I'm looking to get a file of NTFS permissions.  Ideally filtering out the inherited.
0
 
LVL 2

Author Comment

by:detox1978
ID: 40545384
chkiran248, how do I output the results to a CSV file?  Also, how can I get the full path?
0
 
LVL 40

Accepted Solution

by:
footech earned 672 total points
ID: 40548096
It's not quite clear what information you need exactly.  Files, folders, both?
Here's an example of just folders, where permissions are not inherited, exported to a .CSV file.
# Folders only; keep the ACEs that are not inherited; export them to CSV
Get-ChildItem C:\ -Recurse | Where-Object { $_.PSIsContainer } | Get-Acl | ForEach-Object {
    $fullpath = Convert-Path $_.PSPath
    $_.Access | Where-Object { -not $_.IsInherited } |
        Select-Object @{n="Path";e={$fullpath}},AccessControlType,FileSystemRights,IdentityReference
} | Export-Csv permission-report.csv -NoTypeInformation


0
 
LVL 2

Author Comment

by:detox1978
ID: 40548569
I'm looking to get a list of NTFS users/groups for all files and folders for a given path e.g. d:\data

If possible (I don't mind doing it in Excel), I would only want to list the explicit access.  So ignore inherited.
0
 
LVL 2

Author Comment

by:detox1978
ID: 40548577
On second thoughts, I don't need the files' ACL.

Any idea how to only get explicit ACL for folders?
0
 
LVL 37

Assisted Solution

by:Mahesh
Mahesh earned 664 total points
ID: 40548581
Subinacl actually reports all NTFS permissions to a text file with audit, owners excluding inheritance
Check 1st comment

OR
Try NTFS permissions reporter free version
http://www.cjwdev.com/Software/NtfsReports/Info.html
Free edition will give report to html format
0
 
LVL 2

Author Comment

by:detox1978
ID: 40548633
Mahesh, did you just google cjwdev.com, or have you used the application before?
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 40548669
You could have already googled it.
I have used the tool previously; it works nicely.
0
 
LVL 2

Author Comment

by:detox1978
ID: 40549124
The reason I ask is the website doesn't fill me with confidence.
0
 
LVL 40

Expert Comment

by:footech
ID: 40549229
Did you try the script I posted?  It appears to be exactly what you asked for.

Regarding cjwdev.com - I often see his tools recommended by a number of the top participating experts here, and as such I would trust the tools.  However, I haven't had a need to use any of the tools personally.
0
 
LVL 2

Author Comment

by:detox1978
ID: 40549560
It doesn't highlight inheritance
0
 
LVL 6

Assisted Solution

by:Kiran Ch
Kiran Ch earned 664 total points
ID: 40549715
It is not highlighting inheritance because it is filtering out the folders which have inheritance and it will only give the ones which are not inherited.
Anyhow, you can also take a look at this, which has a last column for inheritance: http://poshcode.org/1721
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 40549780
The NTFS permissions reporter tool has option to show \ hide inherited permissions during export \ output
0
 
LVL 40

Expert Comment

by:footech
ID: 40549986
Just wanted to clarify that it doesn't filter out the folders with inheritance, just the permissions on a folder which are inherited.
0
 
LVL 2

Author Comment

by:detox1978
ID: 40550125
Ok I will check it again
0
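
An added example, not part of any post in this thread: a folder-only ACL report that lists explicit entries by default and carries an `IsInherited` column plus a per-folder flag for disabled inheritance, so the CSV can be filtered either way in Excel. `Get-FolderAclReport` is a hypothetical helper name, `D:\data` is the path from the question, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: report folder ACEs under a root path (explicit entries by default).
# Get-FolderAclReport is a hypothetical helper name; requires PowerShell 3.0+.
function Get-FolderAclReport {
    param(
        [Parameter(Mandatory)] [string] $Root,
        [switch] $IncludeInherited   # also list inherited ACEs, marked in the IsInherited column
    )
    # The root folder itself plus every subfolder. Folders that cannot be listed
    # are collected in $walkErrors instead of aborting the run.
    $folders = @(Get-Item -LiteralPath $Root) +
               @(Get-ChildItem -LiteralPath $Root -Recurse -Directory `
                     -ErrorAction SilentlyContinue -ErrorVariable walkErrors)
    foreach ($folder in $folders) {
        try {
            $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop
        } catch {
            Write-Warning "Cannot read ACL: $($folder.FullName): $($_.Exception.Message)"
            continue
        }
        foreach ($ace in $acl.Access) {
            if ($ace.IsInherited -and -not $IncludeInherited) { continue }
            [pscustomobject]@{
                Path                = $folder.FullName
                Owner               = $acl.Owner
                InheritanceDisabled = $acl.AreAccessRulesProtected  # folder blocks inheritance from its parent
                IdentityReference   = $ace.IdentityReference
                AccessControlType   = $ace.AccessControlType
                FileSystemRights    = $ace.FileSystemRights
                IsInherited         = $ace.IsInherited
                AppliesTo           = "$($ace.InheritanceFlags) / $($ace.PropagationFlags)"
            }
        }
    }
    # Surface the folders the walk could not enter, so gaps in the audit are visible.
    foreach ($e in $walkErrors) { Write-Warning "Skipped: $($e.TargetObject)" }
}

# Explicit ACEs only, folders only, full path in the first column.
Get-FolderAclReport -Root 'D:\data' |
    Export-Csv -Path .\permission-report.csv -NoTypeInformation
```

Folders reported as skipped or unreadable are gaps in the audit; rerun from an account with read-permissions rights on them before treating the CSV as complete.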
