PowerShell – NTFS Permissions Auditing with PowerShell

ntfs permissions powershell

I am working on a project where I need to be able to audit various users and user group permissions on an NTFS-formatted Windows file server. I would like to use PowerShell and have it recursively search through the remote file share, or it could be run on the server itself, and have it output all of the permissions it finds either for everything or for the specified user or user group. The goal is to be able to use this for periodic auditing of users and user groups to ensure that permission creep is not occurring and that all permissions are being set up in the same manner by different system administrators. Lastly, it would be used for identifying where we need to make changes when we change user groups in group policy. Are there any common ways of approaching this? Does PowerShell stand up to this task? Would it be possible to have PowerShell output the results into a readable format?

Best Answer

I read a brilliant post a few months ago, dealing with a similar situation by essentially running a script remotely that uses the Get-ACL cmdlet to list ACLs for a path recursively, and piping the output through the Export-CSV cmdlet for a nice overview:

http://jfrmilner.wordpress.com/2011/05/01/audit-ntfs-permissions-powershell-script/
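
The approach described in this answer (Get-Acl run recursively, with the results piped to Export-Csv), as an added example that is not from the original post or the linked script. The function name, share path and group name are hypothetical, and it assumes PowerShell 3.0 or later for `Get-ChildItem -Directory`.

```powershell
# Added example; function name, share path and group name are hypothetical.
function Get-NtfsPermissionReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        # Optional wildcard filter on the account, e.g. 'CONTOSO\Finance*'
        [string]$Identity = '*',
        # Skip inherited ACEs so only folders where permissions were set directly show up
        [switch]$ExplicitOnly
    )

    # Audit the root folder and every subfolder; keep going when a folder cannot be listed.
    $folders = @(Get-Item -LiteralPath $Path) +
               @(Get-ChildItem -LiteralPath $Path -Directory -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($folder in $folders) {
        try {
            $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop
        } catch {
            # Record unreadable folders instead of dropping them silently from the audit.
            [pscustomobject]@{
                Path = $folder.FullName; Owner = $null; Identity = $null
                Rights = $null; Type = 'ERROR'; Inherited = $null
                Inheritance = $null; Propagation = $null; Note = $_.Exception.Message
            }
            continue
        }
        foreach ($ace in $acl.Access) {
            if ($ExplicitOnly -and $ace.IsInherited) { continue }
            if ($ace.IdentityReference.Value -notlike $Identity) { continue }
            [pscustomobject]@{
                Path        = $folder.FullName
                Owner       = $acl.Owner
                Identity    = $ace.IdentityReference.Value
                Rights      = $ace.FileSystemRights
                Type        = $ace.AccessControlType
                Inherited   = $ace.IsInherited
                Inheritance = $ace.InheritanceFlags
                Propagation = $ace.PropagationFlags
                Note        = $null
            }
        }
    }
}

# Example run against a hypothetical share, keeping only explicit ACEs for one group:
Get-NtfsPermissionReport -Path '\\fileserver01\share' -Identity 'CONTOSO\Finance*' -ExplicitOnly |
    Export-Csv -Path .\ntfs-audit.csv -NoTypeInformation -Encoding UTF8
```

Saving one CSV per audit run and comparing successive files with `Compare-Object` shows which ACEs were added or removed between audits.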