How to Detect Who Has Access to What Data on Windows File Servers

Native Auditing vs. Netwrix Auditor for Windows File Servers

Native Auditing Netwrix Auditor for Windows File Servers

Native Auditing

Netwrix Auditor for Windows File Servers

Steps

Open Powershell ISE and create new script with the following code (define path on the file server and name of the user):

dir -Recurse \\fs1\Shared | where { $_.PsIsContainer } | % { $path1 = $_.fullname; Get-Acl $_.Fullname | % { $_.access | where { $_.IdentityReference -like "ENTERPRISE\J.Carter" } | Add-Member -MemberType NoteProperty '.\Application Data' -Value $path1 -passthru }} | Export-Csv "C:\temp\AccountPermissions.csv"

Run the script.
Open the file produced by the script in MS Excel.

How to Detect Who Has Access to What Data on Windows File Servers with PowerShell

Run Netwrix Audor → Click "Reports" → Navigate to File Servers → Choose "File Servers State-in-Time" → Select "Account Permissions"→ Click "View".
To save the file, click the "Export" button → Select PDF format → Save as → Choose a location to save it.

Who Has Access to What Data on Windows File Servers with Netwrix Auditor

How to Detect Who Has Access to What Data on Windows File Servers

Although security breaches can originate from external attacks, they can also stem from insider activity. If users are granted excessive permissions that enable them to access, copy, distribute, modify or delete files on file servers, it can lead to disruption of critical business processes, exposure of sensitive data or even a full-scale data breach.

Previous How-to

How to Stay on Top of Permissions Changes to Public Folders in Exchange Online

Next How-to

How to Create a SQL Server Audit Trigger