top of page

PowerShell | Share Permission Audit

Verifying Secure Share Permissions in Windows Files and Folders

Properly managing and verifying share permissions in Windows files and folders is critical for maintaining the security and integrity of sensitive data. Share permissions determine who can access and modify shared resources over a network, ensuring that only authorized users have the appropriate level of access. This article explores the importance of verifying share permissions, best practices for securing shares, and the tools and techniques available for administrators to manage and audit these permissions effectively.

​

The Importance of Verifying Share Permissions

  1. Data Security: Unauthorized access to sensitive data can lead to data breaches, loss of confidential information, and potential legal repercussions. Ensuring that share permissions are correctly set helps protect against such risks.

  2. Compliance: Organizations often need to comply with regulations such as GDPR, HIPAA, or SOX, which require stringent controls over data access. Properly configured share permissions are essential for demonstrating compliance.

  3. Operational Integrity: Misconfigured permissions can lead to accidental data modification or deletion, disrupting business operations. Verifying permissions ensures that users have the appropriate level of access required for their roles without compromising data integrity.

  4. udit and Accountability: Regularly auditing share permissions helps track who has access to what data, providing a clear trail for accountability and forensic investigations in case of security incidents.

Best Practices for Securing Share Permissions

  1. Principle of Least Privilege: Assign the minimum permissions necessary for users to perform their tasks. Avoid granting excessive permissions that can lead to potential misuse or accidental damage.

  2. Use Groups for Permissions: Assign permissions to groups rather than individual users. This simplifies management and ensures consistent application of permissions across multiple users.

  3. Regular Audits: Conduct periodic audits of share permissions to identify and rectify any misconfigurations. Use automated tools to streamline the audit process and ensure comprehensive coverage.

  4. Document Permissions: Maintain clear documentation of share permissions, including the rationale for granting access. This helps in managing permissions over time and provides a reference for audits.

  5. Monitor Access: Implement monitoring solutions to track access to shared resources. This helps in detecting unauthorized access attempts and unusual activity patterns.

Tools and Techniques for Managing Share Permissions
  1. File Explorer: Use the built-in Windows File Explorer to view and modify share permissions. Right-click on the shared folder, select "Properties," go to the "Sharing" tab, and click on "Advanced Sharing" to configure permissions.

  2. PowerShell: PowerShell provides a powerful and flexible way to manage share permissions through scripts. Use the Get-SmbShareAccess and Grant-SmbShareAccess cmdlets to view and configure share permissions.

# Get share permissions
Get-SmbShareAccess -Name "SharedFolder"

# Grant share permissions
Grant-SmbShareAccess -Name "SharedFolder" -AccountName "Domain\GroupName" -AccessRight Full -Force

 3. Group Policy: Use Group Policy Objects (GPOs) to enforce share permissions across multiple machines in a domain. This ensures consistent application of security policies.

 4. Third-Party Tools: Consider using third-party solutions like SolarWinds Access Rights Manager or Netwrix Auditor for advanced management and auditing of share permissions. These tools provide detailed reports, automated audits, and enhanced visibility into share permissions.

 5. Security Auditing: Enable security auditing to log access events. Configure auditing settings to monitor who accesses shared folders and what actions they perform.

# Enable auditing for a shared folder
$acl = Get-Acl -Path "C:\SharedFolder"
$auditRule = New-Object System.Security.AccessControl.FileSystemAuditRule("Domain\GroupName", "Read", "Success")
$acl.SetAuditRule($auditRule)
Set-Acl -Path "C:\SharedFolder" -AclObject $acl

Conclusion

Verifying and securing share permissions in Windows files and folders is a fundamental aspect of data security and compliance. By following best practices and utilizing the available tools and techniques, administrators can ensure that share permissions are appropriately configured, reducing the risk of unauthorized access and enhancing overall data security. Regular audits, adherence to the principle of least privilege, and proper documentation are key to maintaining secure and efficient access control in any organization.

Get-ChildItem - Custom Script Check for Unsecure Folder Permissions

<#
Name: Windows Share Access Tester
Description: Goes to a parent network share that is open to everyone (Domain Users) and tests access to subfolders.
Purpose: Find sub-folder shares that are not locked down and "Domain Users" have access.
Use:
Create a user account on the Domain that is only member of Domain Users.
Log in with the user account and run script against parent file Share.
The script pulls a list of Sub-Dir and then tries to access each sub-dir.
If the user account can access sub-dir it is exported to txt file.
#>

# UNC Parent File Share Path
$PathtoCheck = "\\Servername\ParentShare"
# Goes down one level and grabs subdirectories
$DirList=Get-ChildItem $PathtoCheck -Directory | Select -ExpandProperty Name
# Da Loop
Foreach($Path in $DirList){
#Null Variable
$Child=$NULL
#Test Access to Sub-Dir
$Child=Get-ChildItem "$PathtoCheck\$Path" -Directory -ErrorAction Continue | Select -ExpandProperty Name
#If Dir Inaccessible 
If($Child -eq $NULL){
Write-Host "Access OK"
}Else{

#If Dir Was Accessible
"$PathtoCheck\$Path `t Directory Accessible" | Tee-Object C:\temp\Dir-Check6.txt -Append
}
}

bottom of page