Solved

Audit file share ACL

Posted on 2015-01-12
20
273 Views
Last Modified: 2015-05-07
Hi All,

I have been asked to audit the file shares on our network.

Does anyone have a script/sample code I can run?

Last time I did it I use CACLS, which has been superseded by ICACLS.


Many thanks
D
0
Comment
Question by:detox1978
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 4
  • 4
  • +1
20 Comments
 
LVL 37

Expert Comment

by:Mahesh
ID: 40544831
When you say audit... do you want to enable auditing on share folder
OR
You want to record file share permissions \ audit entries \ ownership and so on?

Both concepts are totally different

For 1st concept, you need to enable auditing GPO (Audit object access) on OU containing file server and later need to enable auditing on actual share folder
http://blogs.technet.com/b/mspfe/archive/2013/08/27/auditing-file-access-on-file-servers.aspx

For 2nd concept you can use Subinacl tool to record all permissions including audit entries
http://blogs.technet.com/b/justinturner/archive/2009/02/26/quick-tip-back-up-your-ntfs-security-permissions.aspx
0
 
LVL 40

Expert Comment

by:footech
ID: 40544874
Even though cacls has been deprecated you can still use it.
The question becomes what do you need from the audit?
0
 
LVL 6

Expert Comment

by:Kiran Ch
ID: 40544879
Something like this would work for you?

get-childitem C:\test -recurse | where-object { $_.PSIScontainer }  | Get-Acl | Out-GridView
0
Increase Agility with Enabled Toolchains

Connect your existing build, deployment, management, monitoring, and collaboration platforms. From Puppet to Chef, HipChat to Slack, ServiceNow to JIRA, Splunk to New Relic and beyond, hand off data between systems to engage the right people.

Connect with xMatters.

 
LVL 2

Author Comment

by:detox1978
ID: 40545362
Just to clarify I'm looking to get a file of NTFS permissions.  Ideally filtering our the inherited.
0
 
LVL 2

Author Comment

by:detox1978
ID: 40545384
chkiran248, how do I output the results to a csv file?  Also, how can I get the full path.
0
 
LVL 40

Accepted Solution

by:
footech earned 168 total points
ID: 40548096
It's not quite clear what information you need exactly.  Files, folders, both?
Here's an example of just folders, where permissions are not inherited, exported to a .CSV file.
Get-ChildItem C:\ -recurse | Where { $_.PSIScontainer }  | Get-Acl | ForEach `
{
    $fullpath = Convert-Path $_.pspath
    $_.Access | ? { -not $_.IsInherited } | Select @{n="Path";e={$fullpath}},AccessControlType,FileSystemRights,IdentityReference
} | Export-CSV permission-report.csv -notype

Open in new window

0
 
LVL 2

Author Comment

by:detox1978
ID: 40548569
I'm looking to get list of NTFS users/groups for all files and folders for a given path e.g. d:\data

If possible (i dont mind doing it in Excel), I would only want to list the explicit access.  So ignore inherited.
0
 
LVL 2

Author Comment

by:detox1978
ID: 40548577
On second thoughts, I dont need the files ACL.

Any idea how to only get explicit ACL for folders?
0
 
LVL 37

Assisted Solution

by:Mahesh
Mahesh earned 166 total points
ID: 40548581
Subinacl actually report all NTFS permissions to text file with audit, owners excluding inheritence
Check 1st comment

OR
Try NTFS permissions reporter free version
http://www.cjwdev.com/Software/NtfsReports/Info.html
Free edition will give report to html format
0
 
LVL 2

Author Comment

by:detox1978
ID: 40548633
Mahesh, did you just google cjwdev.com, or have you used the application before?
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 40548669
You could have already googled it.
I have used tool previously, its nice working
0
 
LVL 2

Author Comment

by:detox1978
ID: 40549124
The reason I ask is the website doesnt fill me with confidence.
0
 
LVL 40

Expert Comment

by:footech
ID: 40549229
Did you try the script I posted?  It appears to be exactly what you asked for.

Regarding cjwdev.com - I often see his tools recommended by a number of the top participating experts here, and as such I would trust the tools.  However, I haven't had a need to use any of the tools personally.
0
 
LVL 2

Author Comment

by:detox1978
ID: 40549560
It doesn't highlight inheritance
0
 
LVL 6

Assisted Solution

by:Kiran Ch
Kiran Ch earned 166 total points
ID: 40549715
It is not highlighting inheritance because it is filtering it out the folders which have inheritance and it will only give the one's which are not inherited.
Anyhow, you can also take a look at this, this has the last column for inheritance : http://poshcode.org/1721
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 40549780
The NTFS permissions reporter tool has option to show \ hide inherited permissions during export \ output
0
 
LVL 40

Expert Comment

by:footech
ID: 40549986
Just wanted to clarify that it doesn't filter out the folders with inheritance, just the permissions on a folder which are inherited.
0
 
LVL 2

Author Comment

by:detox1978
ID: 40550125
Ok I will check it again
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Nano Server Image Builder helps you create a custom Nano Server image and bootable USB media with the aid of a graphical interface. Based on the inputs you provide, it generates images for deployment and creates reusable PowerShell scripts that …
My attempt to use PowerShell and other great resources found online to simplify the deployment of Office 365 ProPlus client components to any workstation that needs it, regardless of existing Office components that may be needing attention.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question