File Permission Auditing

This topic contains 1 reply, has 2 voices, and was last updated by Daan Weda 3 weeks, 5 days ago.

  • #65491
    Aaron
    Participant

    I am trying to come up with a way to look for anomalies in file shares.

    The files and subfolders should have inherited their permissions from the root, but I'm looking to see if any folders/files differ.

    I can get the permissions using a simple Get-Acl, but I was wondering how I can compare the permissions with a subfolder's?

    #gets root folder's permissions
    $rootPermissions = (get-acl '\\fileserver\share1').access
    
    $subfolders = get-childitem -recurse '\\fileserver\share1'
    
    foreach($subfolder in $subfolders)
    {
        #somehow compare?
        compare $rootpermissions with $subfolder.access
        if not a match
        {
          "$subfolder has different permission"
        }
    }
    

    A mixture of pseudo code there, but any suggestions on how to compare the permissions of the root to each subfolder's?

    Edit: The only 2 properties I really need to look at are IdentityReference and AccessControlType

    So if root has

    Accesscontroltype Identityreference
    Allow domain\user1
    Allow domain\user2

    and sub has
    Accesscontroltype Identityreference
    Allow domain\user1
    Allow domain\user2
    Allow domain\user3

    It would alert that 'subfolder has User3' and, say it was missing domain\user2, it would alert that as well.

  • #65496
    Daan Weda
    Participant

    Maybe this could help?

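    # Get the root folder's permissions
    $rootPermissions = (Get-Acl '\\fileserver\share1').Access

    $subfolders = Get-ChildItem -Recurse '\\fileserver\share1'

    foreach ($subfolder in $subfolders)
    {
        $folder = (Get-Acl $subfolder.FullName).Access

        # Compare on named properties. Without -Property, Compare-Object falls back
        # to ToString(), which is the same type name for every access rule.
        $compare = Compare-Object -ReferenceObject $rootPermissions -DifferenceObject $folder -Property IdentityReference, AccessControlType

        # Any result ("=>" extra on the subfolder, "<=" missing from it) is a difference
        if ($compare) {
            Write-Output "$($subfolder.Name) has different permission"
        }
    }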
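
To report which entries are extra or missing, as the edit to the question asks, each ACL can be reduced to a set of AccessControlType/IdentityReference pairs and the two sets compared in both directions. This is an added example, not code from either poster; the helper names `Get-AclKey` and `Compare-AclToRoot` are hypothetical, and the sample rules are constructed to mirror the tables in the question.

```powershell
# Added example. Get-AclKey and Compare-AclToRoot are hypothetical helper names.
function Get-AclKey {
    param([object[]]$Access)
    # Reduce each rule to "AccessControlType IdentityReference". One identity can
    # hold several rules with different rights, so de-duplicate the result.
    $keys = foreach ($rule in $Access) {
        '{0} {1}' -f $rule.AccessControlType, $rule.IdentityReference
    }
    @($keys | Where-Object { $_ } | Sort-Object -Unique)
}

function Compare-AclToRoot {
    param(
        [object[]]$RootAccess  = @(),
        [object[]]$ChildAccess = @(),
        [string]$Path = '(unnamed)'
    )
    $rootKeys  = @(Get-AclKey $RootAccess)
    $childKeys = @(Get-AclKey $ChildAccess)

    # -notcontains is case-insensitive, which suits account names.
    $extra   = @($childKeys | Where-Object { $rootKeys  -notcontains $_ })
    $missing = @($rootKeys  | Where-Object { $childKeys -notcontains $_ })

    # Emit an object only when the child differs from the root.
    if ($extra.Count -gt 0 -or $missing.Count -gt 0) {
        [pscustomobject]@{ Path = $Path; Extra = $extra; Missing = $missing }
    }
}

# Constructed sample rules (not real ACLs): the subfolder gained user3, lost user2.
$root = @(
    [pscustomobject]@{ AccessControlType = 'Allow'; IdentityReference = 'domain\user1' }
    [pscustomobject]@{ AccessControlType = 'Allow'; IdentityReference = 'domain\user2' }
)
$sub = @(
    [pscustomobject]@{ AccessControlType = 'Allow'; IdentityReference = 'domain\user1' }
    [pscustomobject]@{ AccessControlType = 'Allow'; IdentityReference = 'domain\user3' }
)
Compare-AclToRoot -RootAccess $root -ChildAccess $sub -Path 'subfolder'

# Against the share from the thread, feed it real Get-Acl output instead:
# $rootAccess = (Get-Acl '\\fileserver\share1').Access
# Get-ChildItem -Recurse '\\fileserver\share1' | ForEach-Object {
#     Compare-AclToRoot -RootAccess $rootAccess -ChildAccess (Get-Acl $_.FullName).Access -Path $_.FullName
# }
```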
    
