transcription logging to network share, what permissions are required


  • #100525


    Not sure if anyone else has configured this yet; just trying to get a handle on required permissions.
    Thus far, if the user has modify permissions on the share, everything works.
    Obviously, this isn't ideal for logging and history tracking.

    We have tried with just write permissions, write and create files/folders given. In this configuration the initial log file is created; however, when commands are executed, the log is never updated.

    Just trying to wrap my head around the whole thing, and wanted to see if anyone else had successfully enabled this to a network location.

  • #100551


    The user and computer would need full control on the share, and NTFS read, write, modify.

    If you do not, eventually you will run into issues. Trust me, been there, done that.
    Remember, even if the user is not logged on, the computer could be running PoSH code (think maintenance jobs, scheduled tasks, etc.)

  • #100587
    Jon


    I scoped it out to authenticated users, full control on the share and the following NTFS permissions:

    List folder/read data
    Read attributes
    Read extended attributes
    Create files/write data
    Create folders/append data
    Write attributes
    Write extended attributes

  • #174607


    I wish this post was still open for discussion. I have comments on it.

    transcription logging to network share, what permissions are required

    1. all users have full control of the share
    2. all users have NTFS Write permissions on the folder
    3. Creator/Owner has NTFS Write permissions on the folder
    4. some admin group has NTFS read (and probably more) permissions on the folder

    #3 fixes the issue where #2 only allows any user to create a new log file in the share, but then they can't actually append any logging into that log file.

    Also, am I the only person who finds it irritating that the PowerShell transcription log file names don't contain the username, only the computer name? And this file name is not configurable via Group Policy? This seems counterproductive if the suggestion is to have everybody in the company log to a central location, and users are running scripts in RDP server sessions.
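
The four-item layout listed in post #174607, written out as a PowerShell script. This is an added example, not code from any poster in the thread; the path, the share name, and the mapping of "all users" to Authenticated Users and "some admin group" to BUILTIN\Administrators are assumptions.

```powershell
# Added example. Run elevated on the file server. Path, share name and the
# choice of principals are assumptions, not values from the thread.
$Path      = 'D:\PSTranscripts'   # hypothetical folder
$ShareName = 'PSTranscripts$'     # hypothetical share name

# Well-known SIDs, so the script does not depend on localized account names.
$Users   = [System.Security.Principal.SecurityIdentifier]'S-1-5-11'      # Authenticated Users ("all users")
$Creator = [System.Security.Principal.SecurityIdentifier]'S-1-3-0'       # CREATOR OWNER
$Admins  = [System.Security.Principal.SecurityIdentifier]'S-1-5-32-544'  # BUILTIN\Administrators ("some admin group")

function New-AllowRule($Identity, $Rights, $Inherit, $Propagate) {
    New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList `
        $Identity, $Rights, $Inherit, $Propagate, 'Allow'
}

New-Item -ItemType Directory -Path $Path -Force | Out-Null

# Start from an empty, protected DACL so nothing is inherited from the parent.
$acl = New-Object System.Security.AccessControl.DirectorySecurity
$acl.SetAccessRuleProtection($true, $false)

# Item 2: users may create files/folders here and in subfolders, but the ACE is
# not inherited by files, so it grants nothing on a log file once it exists.
$acl.AddAccessRule((New-AllowRule $Users 'Write' 'ContainerInherit' 'None'))

# Item 3: CREATOR OWNER is inherit-only; on each new file it is replaced by the
# creating account, which is what lets that account keep appending to its log.
$acl.AddAccessRule((New-AllowRule $Creator 'Write' 'ObjectInherit' 'InheritOnly'))

# Item 4: admin group. Full control is assumed here for "read (and probably more)".
$acl.AddAccessRule((New-AllowRule $Admins 'FullControl' 'ContainerInherit, ObjectInherit' 'None'))

Set-Acl -Path $Path -AclObject $acl

# Item 1: full control at the share level; effective access is the
# intersection of share and NTFS permissions, so NTFS above is the real limit.
if (-not (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $ShareName -Path $Path -FullAccess 'Authenticated Users' | Out-Null
}

# Check: the two user-facing ACEs should show Write only (no Read, Delete or Modify).
(Get-Acl -Path $Path).Access |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags -AutoSize
```

Authenticated Users also covers domain computer accounts, which matters for the scheduled-task case raised in post #100551.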
