How to Get an NTFS Permissions Report using PowerShell

Analyze and Get Report on NTFS Permissions with Lepide File Server Auditor
x
2 min read | Updated On - December 22, 2023
In This Article

In this post, I’ll show you how to use PowerShell to generate an NTFS permissions report.

How to use Get-Acl cmdlet to Get an NTFS Permissions Report

The PowerShell Get-Acl cmdlet can be used to return permissions on objects like files, folders, and registry keys. The example below gets the permissions set on the C:\temp folder and all the available properties.

(Get-Acl -Path C:\temp).Access

Get-Acl cannot recursively return all the permissions of folders in the hierarchy. So, if you want to know the permissions set on all folders in a directory tree, you need to use the Get-ChildItem cmdlet with the -Recurse parameter to list all the folders in the tree and then pass the results to Get-Acl using a ForEach loop.

Get-Acl cmdlet
Figure 1

The script below puts the folder hierarchy into a variable ($FolderPath) and then passes each folder to Get-Acl in the first ForEach loop. A second ForEach loop formats each access control entry (ACE) into an ordered list, pulling out just the information that we need, making the results easy to read. The final output ($Output) is then piped to Out-GridView so that you can sort and filter the results.

$FolderPath = Get-ChildItem -Directory -Path "C:\temp" -Recurse -Force
$Output = @()
ForEach ($Folder in $FolderPath) {
    $Acl = Get-Acl -Path $Folder.FullName
    ForEach ($Access in $Acl.Access) {
$Properties = [ordered]@{'Folder Name'=$Folder.FullName;'Group/User'=$Access.IdentityReference;'Permissions'=$Access.FileSystemRights;'Inherited'=$Access.IsInherited}
$Output += New-Object -TypeName PSObject -Property $Properties            
}
}
$Output | Out-GridView

How Lepide Helps

It’s critical that you understand both current and historic File Server permissions to help prevent privilege abuse and maintain a policy of least privilege. Our Lepide File Server Auditor can easily analyze current effective permissions held by users on files and folders, as well as changes made to permissions, inherited permissions, direct permissions and indirect permissions. Click here to know more.

The following screenshot of Lepide File Server Auditor shows current permissions by users:

Permissions by users
Figure 1: Current permissions report

The following screenshot of Lepide File Server Auditor shows the user permissions on folder ‘test’:

Permissions by users report
Figure 2: Permissions by users report

In addition to the permissions reports shown above, you can also reverse permissions for an object.

Reverse Permissions
Figure 3: Reverse Permissions

Apart from doing permission analysis, you can also audit changes made to your files and folders in real-time and get detailed audit reports with Lepide File Server Auditor.
Check out our Lepide File Server Auditor Solution
x
Learn More...

Analyze and Get Report on NTFS Permissions with Lepide File Server Auditor

x
Learn More...