Audit file share ACL

Hi All,

I have been asked to audit the file shares on our network.

Does anyone have a script/sample code I can run?

Last time I did it I used CACLS, which has been superseded by ICACLS.


Many thanks
D
detox1978 Asked:
footech Commented:
It's not quite clear what information you need exactly.  Files, folders, both?
Here's an example of just folders, where permissions are not inherited, exported to a .CSV file.
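# Folders only; keep just the explicit (non-inherited) ACEs and export them to CSV.
Get-ChildItem C:\ -Recurse | Where-Object { $_.PSIsContainer } | Get-Acl | ForEach-Object {
    # PSPath is provider-qualified; Convert-Path turns it into a plain file system path.
    $fullpath = Convert-Path $_.PSPath
    $_.Access | Where-Object { -not $_.IsInherited } |
        Select-Object @{n="Path";e={$fullpath}},AccessControlType,FileSystemRights,IdentityReference
} | Export-Csv permission-report.csv -NoTypeInformation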

0
 
Mahesh (Architect) Commented:
When you say audit... do you want to enable auditing on the share folder
OR
do you want to record file share permissions \ audit entries \ ownership and so on?

Both concepts are totally different.

For the 1st concept, you need to enable the auditing GPO (Audit object access) on the OU containing the file server and then enable auditing on the actual share folder
http://blogs.technet.com/b/mspfe/archive/2013/08/27/auditing-file-access-on-file-servers.aspx

For the 2nd concept you can use the Subinacl tool to record all permissions including audit entries
http://blogs.technet.com/b/justinturner/archive/2009/02/26/quick-tip-back-up-your-ntfs-security-permissions.aspx
0
 
footech Commented:
Even though cacls has been deprecated you can still use it.
The question becomes what do you need from the audit?
0
 
Kiran Ch Commented:
Something like this would work for you?

get-childitem C:\test -recurse | where-object { $_.PSIScontainer }  | Get-Acl | Out-GridView
0
 
detox1978 (Author) Commented:
Just to clarify, I'm looking to get a file of NTFS permissions.  Ideally filtering out the inherited.
0
 
detox1978 (Author) Commented:
chkiran248, how do I output the results to a CSV file?  Also, how can I get the full path?
0
 
detox1978 (Author) Commented:
I'm looking to get a list of NTFS users/groups for all files and folders for a given path, e.g. d:\data

If possible (I don't mind doing it in Excel), I would only want to list the explicit access.  So ignore inherited.
0
 
detox1978 (Author) Commented:
On second thoughts, I don't need the files' ACL.

Any idea how to only get explicit ACL for folders?
0
 
Mahesh (Architect) Commented:
Subinacl actually reports all NTFS permissions to a text file with audit, owners, excluding inheritance
Check the 1st comment

OR
Try the free version of NTFS Permissions Reporter
http://www.cjwdev.com/Software/NtfsReports/Info.html
The free edition will give the report in HTML format
0
 
detox1978 (Author) Commented:
Mahesh, did you just google cjwdev.com, or have you used the application before?
0
 
Mahesh (Architect) Commented:
You could have already googled it.
I have used the tool previously; it works nicely
0
 
detox1978 (Author) Commented:
The reason I ask is the website doesn't fill me with confidence.
0
 
footech Commented:
Did you try the script I posted?  It appears to be exactly what you asked for.

Regarding cjwdev.com - I often see his tools recommended by a number of the top participating experts here, and as such I would trust the tools.  However, I haven't had a need to use any of the tools personally.
0
 
detox1978 (Author) Commented:
It doesn't highlight inheritance
0
 
Kiran Ch Commented:
It is not highlighting inheritance because it is filtering out the folders which have inheritance and it will only give the ones which are not inherited.
Anyhow, you can also take a look at this; it has a last column for inheritance: http://poshcode.org/1721
0
 
Mahesh (Architect) Commented:
The NTFS permissions reporter tool has an option to show \ hide inherited permissions during export \ output
0
 
footech Commented:
Just wanted to clarify that it doesn't filter out the folders with inheritance, just the permissions on a folder which are inherited.
0
 
detox1978 (Author) Commented:
Ok I will check it again
0
Question has a verified solution.
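
The folder report this thread discusses, as an added example that is not code from any participant: each ACE gets an IsInherited column and each folder an InheritanceDisabled flag, so inherited entries can be either filtered out or highlighted, and folders whose ACL cannot be read are reported instead of dropped. The function name Get-FolderAclReport and the column names Owner, InheritanceDisabled and Problem are assumptions, and PowerShell 3.0 or later is assumed.

```powershell
# Added example, not from the thread. Get-FolderAclReport is a hypothetical name.
# Assumes PowerShell 3.0+ ([pscustomobject], Get-Acl -LiteralPath).
function Get-FolderAclReport {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [switch]$ExplicitOnly   # drop ACEs inherited from a parent folder
    )
    # The root folder itself plus every subfolder; enumeration errors are collected, not hidden.
    $folders = @(Get-Item -LiteralPath $Path) +
               @(Get-ChildItem -LiteralPath $Path -Recurse -ErrorAction SilentlyContinue -ErrorVariable enumErrors |
                 Where-Object { $_.PSIsContainer })
    foreach ($e in $enumErrors) { Write-Warning "Not enumerated: $($e.Exception.Message)" }

    foreach ($folder in $folders) {
        try {
            $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop
        } catch {
            # Same columns as a normal row, so the CSV stays rectangular.
            [pscustomobject]@{
                Path = $folder.FullName; Owner = $null; InheritanceDisabled = $null
                IdentityReference = $null; AccessControlType = $null
                FileSystemRights = $null; IsInherited = $null
                Problem = $_.Exception.Message
            }
            continue
        }
        foreach ($ace in $acl.Access) {
            if ($ExplicitOnly -and $ace.IsInherited) { continue }
            [pscustomobject]@{
                Path                = $folder.FullName
                Owner               = $acl.Owner
                # True when the folder no longer inherits from its parent.
                InheritanceDisabled = $acl.AreAccessRulesProtected
                IdentityReference   = $ace.IdentityReference.Value
                AccessControlType   = $ace.AccessControlType
                FileSystemRights    = $ace.FileSystemRights
                IsInherited         = $ace.IsInherited
                Problem             = $null
            }
        }
    }
}

# Explicit ACEs only, for the D:\data path mentioned in the thread.
Get-FolderAclReport -Path 'D:\data' -ExplicitOnly |
    Export-Csv -Path permission-report.csv -NoTypeInformation
```

Without -ExplicitOnly every ACE is exported and the IsInherited column can be filtered in Excel instead.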