
PowerShell | Search for Everyone Group on Secondary Drives  

Best Practice Restrict 'Everyone' from Drive Root (D:\)

Restricting the 'Everyone' group from having permissions on the root of a drive on a Windows system is a basic hardening measure that protects sensitive files and prevents unauthorized access. Below is a short explanation of why it matters, followed by a PowerShell script that audits domain systems for 'Everyone' entries on the root NTFS permissions of their secondary drives.

Importance of Restricting 'Everyone' Group Access

  • Security: Prevents unauthorized users from accessing critical system files and directories, reducing the risk of malware, data breaches, and other security threats.

  • Compliance: Helps comply with security best practices and regulatory requirements by ensuring only authorized users have access to sensitive areas of the system.

  • System Integrity: Protects system integrity by limiting the ability of users to modify or delete essential system files.

This is one of those security audit items I was tasked with. I have to check each system to see if it has a secondary drive. If it has a secondary drive that is a disk, I have to check to see if the Everyone group is on the root drive NTFS permissions and report it.

#==========================================================
# Script block that runs on each remote system
#==========================================================
$MyCommand={
    #Declare Array
    $MyArray=@()
    #Get List of Drives (every logical disk with media, except the system drive C:)
    $MyDrives=Get-WmiObject Win32_LogicalDisk | Where{($_.Size -ne $Null) -and ($_.DeviceID -ne "C:")} | Select -ExpandProperty DeviceID
    #If Drives Exist
    If($MyDrives -ne $Null){
        #Loop Through Drives
        Foreach($Drive in $MyDrives){
            #Declare Array
            $MyData=@()
            #Gets ACL on the Drive root ("D:\"; a bare "D:" would resolve to the current directory on that drive, not the root)
            $MyData=Get-Acl "$Drive\"
            #Loop Through Users / Groups Searching for Match of Everyone
            Foreach($Item in $MyData.Access.IdentityReference){
                #If Found Add to Array or Else
                If($Item -like "*Everyone*"){
                    $MyArray+="$Env:Computername - $Drive - $Item - Failed Check"
                }Else{
                    $MyArray+="$Env:Computername - $Drive - $Item - Passed Check"
                }
            }
        }
        #Returns Data
        Return $MyArray
    }Else{
        #If No Spare Drives Found
        Return "$Env:Computername - No Spare Drives"
    }
}

#==========================================================
# Command to Query Active Directory for Enabled Systems
#==========================================================
$Computers=Get-ADComputer -Properties * -Filter * | Where{($_.OperatingSystem -like "Windows*") -and ($_.Enabled -eq $True)} | Select -ExpandProperty Name
#Makes all Systems Upper CASE (I Like it Like that)
$MyCAPComputers=$Computers.ToUpper()

#====================================================================
# Command to Check for Systems online that respond to WinRM
#====================================================================
#Declare Array For Passing Systems
$MyComputersPassWinRM=@()
Foreach ($Comp in $MyCAPComputers){
    #Ping once, then confirm WinRM works by running a trivial script block remotely
    if ((Test-Connection -ErrorAction SilentlyContinue -ComputerName $Comp -Quiet -Count 1) -and ((Invoke-Command -ErrorAction SilentlyContinue -ComputerName $Comp -ScriptBlock { 1 }) -eq 1)){
        $MyComputersPassWinRM+=$Comp
    }
}

#====================================================================
# Command to run against all systems that passed WinRM test :)
#====================================================================
Invoke-Command -ComputerName $MyComputersPassWinRM -ScriptBlock $MyCommand | Tee-Object -FilePath C:\temp\Secondary-Hard-Drives.txt
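The same check as an added example (my code, not the post's script): it limits the audit to fixed disks, matches the well-known SID of Everyone (S-1-1-0) instead of the display name so localized group names are still caught, reports the rights each ACE grants, and pairs the audit with a remediation function guarded by -WhatIf. It assumes Windows PowerShell 5.1 or later and local Administrator rights; the function names are my own.

```powershell
# Added example, not the original post's script.
# Assumes Windows PowerShell 5.1+ and local Administrator rights.

# Well-known SID for the 'Everyone' group
$EveryoneSid = 'S-1-1-0'

function Test-IsEveryone {
    param([System.Security.Principal.IdentityReference]$Identity)
    # Translate the account name to a SID; unresolvable names are not Everyone
    try {
        $sid = $Identity.Translate([System.Security.Principal.SecurityIdentifier])
        return $sid.Value -eq $EveryoneSid
    } catch {
        return $false
    }
}

function Get-EveryoneRootAce {
    [CmdletBinding()]
    param(
        # Drive roots to inspect; defaults to every fixed disk (DriveType 3) except C:
        [string[]]$Root = (Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 3' |
                           Where-Object { $_.DeviceID -ne 'C:' } |
                           ForEach-Object { "$($_.DeviceID)\" })
    )
    foreach ($path in $Root) {
        # Always query "D:\"; a bare "D:" resolves to the current directory on that drive
        $acl = Get-Acl -Path $path
        foreach ($ace in $acl.Access) {
            if (Test-IsEveryone -Identity $ace.IdentityReference) {
                [pscustomobject]@{
                    Computer  = $env:COMPUTERNAME
                    Path      = $path
                    Identity  = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                    Type      = $ace.AccessControlType
                    Inherited = $ace.IsInherited
                    Status    = 'Failed Check'
                }
            }
        }
    }
}

function Remove-EveryoneRootAce {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Path)

    $acl = Get-Acl -Path $Path
    # Only explicit ACEs can be removed here; inherited ones come from the parent
    $targets = @($acl.Access | Where-Object {
        -not $_.IsInherited -and (Test-IsEveryone -Identity $_.IdentityReference)
    })
    if ($targets.Count -eq 0) { return }
    foreach ($ace in $targets) { $acl.RemoveAccessRuleSpecific($ace) }
    if ($PSCmdlet.ShouldProcess($Path, "Remove $($targets.Count) 'Everyone' ACE(s)")) {
        Set-Acl -Path $Path -AclObject $acl
    }
}

# Usage: report first, then rehearse the fix with -WhatIf before applying it for real
Get-EveryoneRootAce | Format-Table -AutoSize
Get-EveryoneRootAce | ForEach-Object { Remove-EveryoneRootAce -Path $_.Path -WhatIf }
```

Get-EveryoneRootAce can be wrapped in Invoke-Command exactly like $MyCommand above; because it returns objects rather than strings, the results can be piped to Export-Csv for the audit report. Drop -WhatIf only after reviewing the rehearsal output, since removing an ACE on a drive root affects every child object that inherits from it.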
