File Permission Auditing


This topic contains 1 reply, has 2 voices, and was last updated by Participant 1 year, 8 months ago.

  • #65491

    Participant
    Points: 0
    Rank: Member

    I am trying to come up with a way to look for anomalies in file shares.

    The files and subfolders should have inherited their permissions from the root, but I'm looking to see if any folders/files differ.

    I can get the permissions using a simple Get-Acl, but I was wondering how I can compare the permissions with a subfolder's?

    #gets root folder's permissions
    $rootPermissions = (get-acl '\\fileserver\share1').access
    
    $subfolders = get-childitem -recurse '\\fileserver\share1'
    
    foreach($subfolder in $subfolders)
    {
        #somehow compare?
        compare $rootpermissions with $subfolder.access
        if not a match
        {
          "$subfolder has different permission"
        }
    }
    

    A mixture of pseudo code there, but any suggestions on how to compare the permissions of the root to each subfolder's?

    Edit: The only 2 properties I really need to look at are IdentityReference and AccessControlType.

    So if root has

    Accesscontroltype Identityreference
    Allow domain\user1
    Allow domain\user2

    and sub has
    Accesscontroltype Identityreference
    Allow domain\user1
    Allow domain\user2
    Allow domain\user3

    It would alert that 'subfolder has User3', and, say it was missing domain\user2, it would alert on that as well.

  • #65496

    Participant
    Points: 0
    Rank: Member

    Maybe this could help?

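    # Gets the root folder's permissions
    $rootPermissions = (Get-Acl '\\fileserver\share1').Access
    
    $subfolders = Get-ChildItem -Recurse '\\fileserver\share1'
    
    foreach ($subfolder in $subfolders)
    {
        $folder = (Get-Acl $subfolder.FullName).Access
        # Compare on the two properties of interest. Without -Property,
        # Compare-Object falls back to each rule's ToString(), which is
        # the same type name for every access rule.
        $compare = Compare-Object -ReferenceObject $rootPermissions -DifferenceObject $folder -Property IdentityReference, AccessControlType
        
        # Any result means an entry was added ("=>") or is missing ("<=")
        if ($compare) {
            Write-Output "$($subfolder.name) has different permission"
        }
    }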
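
Added example, not part of either post above and not the participants' code: a fuller version of the comparison the thread discusses, reporting per path which `AccessControlType`/`IdentityReference` pairs were added or are missing relative to the root. It goes slightly beyond the thread by also flagging items with inheritance blocked and ACLs that cannot be read; the function names `Get-AclKey` and `Find-AclDrift` are hypothetical.

```powershell
# Added example. Get-AclKey and Find-AclDrift are hypothetical helper names.

function Get-AclKey {
    # Reduce an ACL to unique "AccessControlType|IdentityReference" strings,
    # the only two properties the question needs to compare.
    param([Parameter(Mandatory)] $Acl)
    $Acl.Access |
        ForEach-Object { '{0}|{1}' -f $_.AccessControlType, $_.IdentityReference } |
        Sort-Object -Unique
}

function Find-AclDrift {
    param([Parameter(Mandatory)] [string] $Root)

    $rootKeys = @(Get-AclKey (Get-Acl -LiteralPath $Root))

    Get-ChildItem -LiteralPath $Root -Recurse -Force | ForEach-Object {
        $path = $_.FullName
        try {
            $acl = Get-Acl -LiteralPath $path -ErrorAction Stop
        } catch {
            # An unreadable ACL is a finding in its own right, so report it.
            [pscustomobject]@{ Path = $path; Added = $null; Missing = $null
                               InheritanceBlocked = $null; Error = $_.Exception.Message }
            return   # move on to the next item in the pipeline
        }

        # Plain set difference: unlike Compare-Object, this also works when
        # one side is an empty collection (an item with no access rules).
        $keys    = @(Get-AclKey $acl)
        $added   = @($keys     | Where-Object { $_ -notin $rootKeys })
        $missing = @($rootKeys | Where-Object { $_ -notin $keys })

        if ($added.Count -or $missing.Count -or $acl.AreAccessRulesProtected) {
            [pscustomobject]@{
                Path               = $path
                Added              = $added -join '; '
                Missing            = $missing -join '; '
                InheritanceBlocked = $acl.AreAccessRulesProtected
                Error              = $null
            }
        }
    }
}

# Share path taken from the thread above.
Find-AclDrift -Root '\\fileserver\share1' | Format-Table -AutoSize
```

Because the comparison keys ignore `IsInherited`, an identity that holds the same access through an explicit entry instead of an inherited one is not reported unless inheritance is blocked on that item.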
    
