How to detect if a user has excessive permissions on shared folders

Umendra Singh by   06.30.2017   Data Security

How to detect if a user has excessive permissions on shared folders

Windows File Server act as a repository of files and folders, which can be accessed by many users. Though there are many benefits to a collaborative work environment, preventing unauthorized access by tracking permissions to shared folders can become tricky. In this article, we will show you how to detect shared folder permissions on Windows File Server using our award-winning LepideAuditor.

Why is it important to track shared folder permissions for a user?

To ensure that users have access only to the shared folders that they need to do their job, Administrators need detailed permissions reports of all shared folders within their IT environment. These reports will inform if any user has excessive levels of permissions that could lead to them becoming an insider threat.

In large organizations, with numerous users and ever-increasing workforce, it may be tough for an administrator to track access permissions for every user account using native methods. A pro-active and continuous solution is needed to stay on top of File Server permissions.

How to view effective permissions on shared folders?

There are native ways to generate a shared folder permissions report on file servers, but they require running complex third party PowerShell or Visual Basic scripts, which can be from untrusted sources and the result of running unknown script cannot be evaluated. You can also view the permissions manually. Below is the process to view permissions on shared folder manually:

1. Launch Windows Explorer, and then find the shared folder for which you want to view effective permissions.

2. Right-click the shared folder, click “Properties” in the context menu, and then go to the “Security” tab.

3. Click “Advanced” to view “Advanced Security Settings”. The following window appears on the screen and displays “Permissions” tab by default.

Permissions-Tab-of-Advanced-Security-Settings

Figure 1: Permissions Tab of “Advanced Security Settings”

4. Double-click any record to see all the permissions assigned to that user.

permission-entry-testuser1

Figure 2: Permission Entries for TestUser1 on “Shared 1” folder

The selected check boxes indicate the effective permissions of the user on the selected shared folder.

Why use LepideAuditor for File Server

The native method to generate user permission reports using third-party scripts is not recommended because you do not know what commands are included in this script and what will be the exact result. Sometimes running such unknown script can create an unwanted threat for IT security of your organization.

Lepide File Server Auditor gives you an easy way of viewing currently effective permissions on shared folders on Windows File Server. With this solution, you can add the audited domains and generate reports with a few clicks.

Using LepideAuditor for File Server to Detect Permissions

You can use LepideAuditor to track user permissions on shared folders. It shows you the effective permissions, which are calculated by comparing the NTFS permissions with Share Permissions.

The following image displays “Permission Analysis” section of “Audit Reports” tab in LepideAuditor Console. Here, “Current Permission Report” for File Server is displaying the currently effective permissions of the selected shared folder.

current-permission-report

Figure 3: Current Permission Report for the selected folder

The different options on the top bar of “Permissions” report let you perform the operations like filter report as per selected permission, show records for an account only, investigate permission changes, show direct permissions, show indirect permissions, and save the report. You can switch to “Permissions by User” tab to view the same report sorted as per users.

current-permissions-by-users

Figure 4: Current Permissions on “Shared1” folder sorted as per users

If you want to check the permissions for a user, suppose “TestUser1”, click the yellow icon in “Effective Permission” column in any tab. It shows “Permissions” window for that user.

permissions-window

Figure 5: All permission of “TestUser1” on “Shared 1” folder

Here, you can see all the permissions assigned to the user on the selected folder.

In this way, “Current Permission Report” shows permissions of all users on the selected shared folders and its content. With such visualization, excessive permissions can be easily detected. You can also configure LepideAuditor to send real-time alerts whenever changes are made to user permissions on the shared folders.

Conclusion

In this article, you have seen how to detect excessive permissions for shared folders on Windows File Server through using LepideAuditor. The solution has current permission reports that provide detailed visibility into shared folder permissions across file servers so that IT admins can detect and eliminate excessive permissions before they become a problem.


Lepide® is a Registered Trademarks of Lepide Software Private Limited. © Copyright 2018 Lepide Software Private Limited. All Trademarks Acknowledged.