Configuring and monitoring file server permissions is crucial for managing access control and ensuring data security within an organization. Best practice recommends assigning permissions through group membership rather than directly to individuals to ensure that sensitive information is protected, unauthorized access is prevented, and users will be able to perform their tasks without compromising data integrity.
By determining how permissions are assigned and identifying those users who have directly applied file server permissions, you can easily remove inappropriate access and thereby strengthen your IT system and data security.
In this article, we will look first at the native way of using PowerShell to find the folders on a Windows file server where a given user has been assigned permissions. Then we will look at a more straightforward approach using the Lepide Data Security Platform.
Using PowerShell
Follow the steps below:
- Open PowerShell ISE and create a new script with the code shown below.
- Specify the path on your file server and the name of the user:
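    # Walk every folder under the share and keep the ACL entries for the named account.
    # Each entry is tagged with the folder it was read from (the Path column in the CSV).
    Get-ChildItem -Recurse \\fs1\Shared | Where-Object { $_.PSIsContainer } | ForEach-Object {
        $path1 = $_.FullName
        (Get-Acl $path1).Access |
            Where-Object { $_.IdentityReference -like "ENTERPRISE\P.Smith" } |
            Add-Member -MemberType NoteProperty -Name 'Path' -Value $path1 -PassThru
    } | Export-Csv "C:\temp\PermissionsReport.csv" -NoTypeInformation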
- Run the script
- Open the file produced by the script in MS Excel
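The script above lists every matching entry, whether it was set on the folder or inherited from a parent. As an added example (not part of the original article or of any Lepide product), the function below reports only explicit entries by default, which points to the folders where the permission was actually set and would need to be removed, and it warns about folders it could not read. The function name, parameter names and output column names are hypothetical; the share path and account are the ones used above.

```powershell
# Added example: hypothetical helper, not code from the original article.
function Get-UserFolderAce {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $Path,      # root folder, e.g. \\fs1\Shared
        [Parameter(Mandatory)] [string[]] $Identity,  # account names; -like wildcards allowed
        [switch] $IncludeInherited                    # default is explicit entries only
    )

    # Scan the root folder itself as well as every subfolder.
    # Enumeration errors (e.g. access denied) are collected in $skipped.
    $folders = @(Get-Item -LiteralPath $Path) +
               @(Get-ChildItem -LiteralPath $Path -Recurse -Directory `
                     -ErrorAction SilentlyContinue -ErrorVariable skipped)

    foreach ($folder in $folders) {
        try   { $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop }
        catch { Write-Warning "ACL not readable: $($folder.FullName)"; continue }

        foreach ($ace in $acl.Access) {
            # An inherited entry is defined on a parent folder, so skip it unless asked.
            if (-not $IncludeInherited -and $ace.IsInherited) { continue }

            $name = $ace.IdentityReference.Value
            if (-not ($Identity | Where-Object { $name -like $_ })) { continue }

            [pscustomobject]@{
                Path        = $folder.FullName
                Identity    = $name
                Rights      = $ace.FileSystemRights
                Type        = $ace.AccessControlType   # Allow or Deny
                IsInherited = $ace.IsInherited
                AppliesTo   = "$($ace.InheritanceFlags) / $($ace.PropagationFlags)"
            }
        }
    }

    # Folders that could not be enumerated are gaps in the report, so surface them.
    foreach ($e in $skipped) { Write-Warning "Not enumerated: $($e.TargetObject)" }
}

# Usage with the path and account from the steps above
Get-UserFolderAce -Path '\\fs1\Shared' -Identity 'ENTERPRISE\P.Smith' |
    Export-Csv 'C:\temp\PermissionsReport.csv' -NoTypeInformation
```

Run it under an account that can read permissions across the whole share; any warnings mark folders the report does not cover.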
How Lepide Helps
The Lepide Data Security Platform offers a more straightforward way to gain visibility into who has access to what. The Permissions by Object report is one of the many pre-defined reports included within Lepide Trust (a component of the Lepide Data Security Platform).
To run the report:
- Select Lepide Trust
- Expand Current Permission Analysis
- Select Permissions by Object
- Generate the report