All PowerShell Versions
If you'd like to audit NTFS permissions on your file servers, here is a suggestion for how you could start.
This script scans the Windows folder recursively for subfolders. Simply replace $Path with another path to scan other areas of your file system.
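```powershell
$Path = 'C:\Windows'

Get-ChildItem -Path $Path -Recurse -Directory -ErrorAction SilentlyContinue |
ForEach-Object {
    # Start from the folder object and add empty properties to fill in
    $result = $_ | Select-Object -Property FullName, ExplicitePermissions, Count, Preview

    # Keep only access control entries set directly on this folder.
    # -LiteralPath avoids wildcard handling of names containing [ or ];
    # @() gives a reliable Count for zero or one entries.
    $result.ExplicitePermissions = @((Get-Acl -LiteralPath $_.FullName -ErrorAction SilentlyContinue).Access |
        Where-Object { $_.IsInherited -eq $false })
    $result.Count = $result.ExplicitePermissions.Count
    $result.Preview = $result.ExplicitePermissions.IdentityReference -join ','

    # Emit only folders that carry explicit permissions
    if ($result.ExplicitePermissions.Count -gt 0) { $result }
} | Out-GridView
```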
The script then reads the security descriptors for each subfolder and looks for non-inherited access control entries. If found, it adds this information to the folder object.
The result is output to a grid view window. If you remove Out-GridView, you get information similar to this:
```
PS> G:\

FullName                   ExplicitePermissions       Count Preview
--------                   --------------------       ----- -------
C:\windows\addins          {System.Security.Access...     9 CREATOR OWNER,NT AUTHOR...
C:\windows\AppPatch        {System.Security.Access...     9 CREATOR OWNER,NT AUTHOR...
C:\windows\Boot            {System.Security.Access...     8 NT AUTHORITY\SYSTEM,NT ...
C:\windows\Branding        {System.Security.Access...     9 CREATOR OWNER,NT AUTHOR...
C:\windows\Cursors         {System.Security.Access...     9 CREATOR OWNER,NT AUTHOR...
C:\windows\de-DE           {System.Security.Access...     9 CREATOR OWNER,NT AUTHOR...
C:\windows\diagnostics     {System.Security.Access...     8 NT AUTHORITY\SYSTEM,NT ...
C:\windows\Downloaded P... {System.Security.Access...    11 CREATOR OWNER,NT AUTHOR...
```
You can take this example as a base for more elaborate tools. For example, you can add a list of default trustees (such as "CREATOR", or "SYSTEM"), and exclude these from the results.
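One way to build the trustee exclusion described above, as an added example that is not part of the original tip. It assumes PowerShell 3.0 or later; the list of default SIDs and the output property names (Trustee, Sid, Type, Rights) are illustrative choices, and matching on well-known SIDs instead of names is a substitution made here so the filter also works on localized systems.

```powershell
# Added example, not part of the original tip.
$Path = 'C:\Windows'

# Assumed baseline of "default" trustees, given as well-known SIDs.
# Extend or shrink this list to match your own environment.
$DefaultSids = @(
    'S-1-3-0',       # CREATOR OWNER
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544'   # BUILTIN\Administrators
)
$sidType = [System.Security.Principal.SecurityIdentifier]
$ntType  = [System.Security.Principal.NTAccount]

Get-ChildItem -Path $Path -Recurse -Directory -ErrorAction SilentlyContinue |
ForEach-Object {
    $folder = $_.FullName
    $acl = Get-Acl -LiteralPath $folder -ErrorAction SilentlyContinue
    if ($null -eq $acl) { return }   # unreadable descriptor: skip this folder

    # Explicit (non-inherited) rules only, with trustees returned as SIDs
    $acl.GetAccessRules($true, $false, $sidType) |
    Where-Object { $DefaultSids -notcontains $_.IdentityReference.Value } |
    ForEach-Object {
        $sid = $_.IdentityReference
        # Resolve to a name for display; orphaned SIDs stay as raw SID strings
        try   { $name = $sid.Translate($ntType).Value }
        catch { $name = $sid.Value }

        # One row per remaining access control entry
        [PSCustomObject]@{
            FullName = $folder
            Trustee  = $name
            Sid      = $sid.Value
            Type     = $_.AccessControlType
            Rights   = $_.FileSystemRights
        }
    }
} | Out-GridView
```

Folders whose security descriptor cannot be read are skipped without a message, so run the audit from an elevated session with sufficient rights, or the result will understate what is on disk.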