
Export-NtfsSecurity

SYNOPSIS

Creates an NTFS security report as an Excel file.

SYNTAX

Export-NtfsSecurity [[-unc] <String>] [[-OutputPath] <String>] [[-domain] <String>]
 [[-domainusers_Only] <Boolean>] [[-ExcludedObjects] <Array>] [[-NoGroupmembershipQuery] <Array>]
 [[-GetNestedGroupMembers] <Boolean>] [[-ShowLogonscripts] <Boolean>] [[-CheckOrphanSecurity] <Boolean>]
 [[-ExportToSQL] <Boolean>] [[-DBconnection] <String>] [[-NoLogfile] <Boolean>] [[-debug] <Boolean>]
 [[-language] <String>] [-NtfsAuditUserActivity]

DESCRIPTION

The script creates an *.xlsx file with the NTFS security of the given UNC path and its underlying folders. It only displays the folders where security is set on the folder itself and skips folders that only inherit all security from their parent.

The security is displayed in a pivot table for all the users/groups for which it is set. The second part of the report shows the members of the groups with some additional info per user, like description & last logon time.

The script also generates a log file in the output path.
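The selection rule described above (report only security set on a folder itself, skip folders that purely inherit) can be sketched as follows. This is an added example, not Export-NtfsSecurity's own code; the function name `Get-ExplicitFolderAce` and its parameters are hypothetical, and the UNC path is the placeholder from EXAMPLE 2.

```powershell
# Added illustration, not part of Export-NtfsSecurity.
# Get-ExplicitFolderAce is a hypothetical helper name.
function Get-ExplicitFolderAce {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        # Same idea as -domain / -domainusers_Only: keep only identities from this domain.
        [string]$Domain = $env:USERDOMAIN,
        [bool]$DomainOnly = $true
    )

    # The root folder first, then every subfolder below it.
    $folders = @(Get-Item -LiteralPath $Path) +
               @(Get-ChildItem -LiteralPath $Path -Directory -Recurse -ErrorAction SilentlyContinue)

    foreach ($folder in $folders) {
        try {
            $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop
        } catch {
            # Unreadable ACLs are reported instead of silently dropped from the audit.
            Write-Warning "Cannot read ACL of $($folder.FullName): $($_.Exception.Message)"
            continue
        }

        # IsInherited is $false only for entries set on this folder itself.
        $explicit = $acl.Access | Where-Object { -not $_.IsInherited }
        if ($DomainOnly) {
            $explicit = $explicit | Where-Object { $_.IdentityReference.Value -like "$Domain\*" }
        }

        # Folders with no explicit entries produce no output, so they are skipped.
        foreach ($ace in $explicit) {
            [pscustomobject]@{
                Folder              = $folder.FullName
                Identity            = $ace.IdentityReference.Value
                Rights              = $ace.FileSystemRights
                Type                = $ace.AccessControlType
                InheritanceDisabled = $acl.AreAccessRulesProtected
            }
        }
    }
}

# Placeholder path taken from EXAMPLE 2 on this page.
Get-ExplicitFolderAce -Path '\\server\data\HR' | Format-Table -AutoSize
```

Folders where `InheritanceDisabled` is true have broken inheritance from their parent and are usually the first entries worth reviewing.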

EXAMPLES

EXAMPLE 1

Export-NtfsSecurity -Domainusers_Only $false

Start the script, which asks for a UNC path to analyse and a location to save the report. Also include local accounts.

EXAMPLE 2

Export-NtfsSecurity -unc "\\server\data\HR" -OutputPath "\\server\NTFS-reports\HR-securityreport.xlsx" -ExcludedObjects "SupportGroup","ApplicationAccount" -NoGroupmembershipQuery "Domain users"

Create a report of "\\server\data\HR" and its subfolders and save it as "\\server\NTFS-reports\HR-securityreport.xlsx". Do not include the AD group "SupportGroup" and the AD account "ApplicationAccount". If the group "Domain users" is found, do not display its members.

PARAMETERS

-unc

The UNC path to analyse. If no UNC path is given, the script will ask you.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-OutputPath

The path and file name of the .xlsx report file. If no file is given, the script will ask you.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-domain

The domain you want to query. By default the script uses the domain of the user account used to run the script.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 3
Default value: $env:USERDOMAIN
Accept pipeline input: False
Accept wildcard characters: False

-domainusers_Only

only display domain accounts, no local accounts (default = true)

Type: Boolean
Parameter Sets: (All)
Aliases:

Required: False
Position: 4
Default value: True
Accept pipeline input: False
Accept wildcard characters: False

-ExcludedObjects

array of users and/or groups you want to exclude from the report

Type: Array
Parameter Sets: (All)
Aliases:

Required: False
Position: 5
Default value: @()
Accept pipeline input: False
Accept wildcard characters: False

-NoGroupmembershipQuery

Array of groups you want to include in the report, but whose group members you don't want to display. The group name is printed in red in the report.

Type: Array
Parameter Sets: (All)
Aliases:

Required: False
Position: 6
Default value: @()
Accept pipeline input: False
Accept wildcard characters: False

-GetNestedGroupMembers

Retrieve users from nested groups (default = $true). Only goes 1 level deep, to prevent infinite looping in case of bad group nesting.

Type: Boolean
Parameter Sets: (All)
Aliases:

Required: False
Position: 7
Default value: True
Accept pipeline input: False
Accept wildcard characters: False

-ShowLogonscripts

Adds the logon script to the user properties shown in the report.

Type: Boolean
Parameter Sets: (All)
Aliases:

Required: False
Position: 8
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-CheckOrphanSecurity

Checks for inherited security where the parent object is missing; this is where the advanced security tab shows "parent object" instead of a UNC path. When found, it's printed in purple in the report. BEWARE: enabling this makes the script 10 to 20 times slower!!! (default = $false)

Type: Boolean
Parameter Sets: (All)
Aliases:

Required: False
Position: 9
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-ExportToSQL

enable export to SQL

Type: Boolean
Parameter Sets: (All)
Aliases:

Required: False
Position: 10
Default value: True
Accept pipeline input: False
Accept wildcard characters: False

-DBconnection

{{ Fill DBconnection Description }}

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 11
Default value: NTFS-Database.XML
Accept pipeline input: False
Accept wildcard characters: False

-NoLogfile

Do not create logfile (default = false)

Type: Boolean
Parameter Sets: (All)
Aliases:

Required: False
Position: 12
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-debug

specifies scriptpath, for development use only

Type: Boolean
Parameter Sets: (All)
Aliases:

Required: False
Position: 13
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-language

{{ Fill language Description }}

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 14
Default value: Nl
Accept pipeline input: False
Accept wildcard characters: False

-NtfsAuditUserActivity

Adds the last activity date, provided by Elastic, to each user shown.

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

INPUTS

OUTPUTS

NOTES

You need to have access to the folders you want to analyse, so this script is best run as a user who is a member of the (domain) administrator group.