How to Get an NTFS Permissions Report using PowerShell

In this post, I’ll show you how to use PowerShell to generate an NTFS permissions report.

The PowerShell Get-Acl cmdlet returns the permissions on objects like files, folders, and registry keys. The example below returns the access control entries set on the C:\temp folder, with all of their available properties.

(Get-Acl -Path C:\temp).Access

Get-Acl cannot recursively return all the permissions of folders in the hierarchy. So, if you want to know the permissions set on all folders in a directory tree, you need to use the Get-ChildItem cmdlet with the -Recurse parameter to list all the folders in the tree and then pass the results to Get-Acl using a ForEach loop.

The script below puts the folder hierarchy into a variable ($FolderPath) and then passes each folder to Get-Acl in the first ForEach loop. A second ForEach loop formats each access control entry (ACE) into an ordered hashtable of properties, pulling out just the information that we need, which makes the results easy to read. The final output ($Output) is then piped to Out-GridView so that you can sort and filter the results.

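# List every subfolder under C:\temp, including hidden ones (the root folder itself is not returned)
$FolderPath = Get-ChildItem -Directory -Path "C:\temp" -Recurse -Force
$Output = @()
ForEach ($Folder in $FolderPath) {
    # Read the ACL of each folder
    $Acl = Get-Acl -Path $Folder.FullName
    ForEach ($Access in $Acl.Access) {
        # Keep only the fields needed for the report, in a fixed column order
        $Properties = [ordered]@{'Folder Name'=$Folder.FullName;'Group/User'=$Access.IdentityReference;'Permissions'=$Access.FileSystemRights;'Inherited'=$Access.IsInherited}
        $Output += New-Object -TypeName PSObject -Property $Properties
    }
}
# Show the results in a sortable, filterable grid
$Output | Out-GridView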
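
An added example (not the original post's script) that extends the report above for a least-privilege review: it includes the root folder, records folders whose ACL cannot be read, can limit output to explicit ACEs, and flags Allow entries that give broad groups write access. The function name, the extra column names, the CSV path and the list of broad principals are assumptions.

```powershell
# Added example, not the post's script. Names below are illustrative assumptions.
function Get-NtfsPermissionReport {
    param(
        [Parameter(Mandatory)][string]$Path,
        [switch]$ExplicitOnly   # skip inherited ACEs, report only those set on the folder
    )
    # Broad principals to flag (English names; adjust for localized systems).
    $Broad = 'Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users'
    # Write bits plus GENERIC_WRITE / GENERIC_ALL, which Get-Acl can return as raw numbers.
    $WriteMask = [int][System.Security.AccessControl.FileSystemRights]::Write -bor 0x40000000 -bor 0x10000000

    # Get-ChildItem -Recurse omits the starting folder, so add it explicitly.
    $Folders = @(Get-Item -LiteralPath $Path -Force) +
               @(Get-ChildItem -LiteralPath $Path -Directory -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($Folder in $Folders) {
        try {
            $Acl = Get-Acl -LiteralPath $Folder.FullName -ErrorAction Stop
        } catch {
            # Keep unreadable folders in the report instead of dropping them silently.
            [pscustomobject]@{
                'Folder Name' = $Folder.FullName; 'Group/User' = $null; 'Type' = $null
                'Permissions' = "ERROR: $($_.Exception.Message)"; 'Inherited' = $null
                'Inheritance Disabled' = $null; 'Broad Write' = $null
            }
            continue
        }
        foreach ($Access in $Acl.Access) {
            if ($ExplicitOnly -and $Access.IsInherited) { continue }
            $BroadWrite = ($Access.AccessControlType -eq 'Allow') -and
                          ($Broad -contains $Access.IdentityReference.Value) -and
                          (([int]$Access.FileSystemRights -band $WriteMask) -ne 0)
            [pscustomobject]@{
                'Folder Name'          = $Folder.FullName
                'Group/User'           = $Access.IdentityReference.Value
                'Type'                 = $Access.AccessControlType
                'Permissions'          = $Access.FileSystemRights
                'Inherited'            = $Access.IsInherited
                'Inheritance Disabled' = $Acl.AreAccessRulesProtected
                'Broad Write'          = $BroadWrite
            }
        }
    }
}

# Explicit ACEs only, exported to CSV for review.
Get-NtfsPermissionReport -Path 'C:\temp' -ExplicitOnly |
    Export-Csv -Path "$env:TEMP\ntfs-report.csv" -NoTypeInformation
```

Rows where 'Broad Write' is True or 'Inheritance Disabled' is True are the ones to review first, since they mark write access for wide groups and folders that no longer follow the parent's permissions.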

Conclusion

It’s critical that you understand both current and historic File Server permissions to help prevent privilege abuse and maintain a policy of least privilege. Try our File Server auditing solution, LepideAuditor, today and see how it can help you to overcome the limitations of native auditing.