PowerShell: How to Detect Excessive Permissions of "Everyone" Group on File Servers

Why It Is Important

Security breaches originate not only from external attacks but also from internal factors, such as negligence on the part of IT staff. The "Everyone" group can be granted excessive permissions by mistake, which allows its members to copy, distribute, modify, or delete files on file servers. That, in turn, can lead to crippling consequences for an organization, including exposure of sensitive data. That's why it is highly recommended to audit the existing permissions of the "Everyone" group on a regular basis.

Native Auditing 

  • 1. First, determine which folder(s) the "Everyone" group has access to. Run the following script in PowerShell, filling in the "File Share Path" and ".csv File Name and Path" parameters:

    # Replace the -Path and Export-Csv values; the -Name value is only the CSV column header.
    Get-ChildItem -Path "File Share Path" -Recurse | where { $_.PsIsContainer } | % { $path1 = $_.FullName; Get-Acl $_.FullName | % { $_.Access | where { $_.IdentityReference -like "Everyone" } | Add-Member -MemberType NoteProperty -Name "File Share Path" -Value $path1 -PassThru }} | Export-Csv ".csv File Name and Path" -NoTypeInformation
    
  • 2. Open the created .csv file in Microsoft Excel and check which folders the "Everyone" group has access to.

  • 3. To find the permissions of another user or group, type its name in place of the word "Everyone" in the script.

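The script in step 1 lists every access entry held by "Everyone", read-only ones included. The following added example (not part of the original article; the function name `Find-EveryoneWriteAccess` and its `-SharePath` parameter are assumptions) narrows the report to Allow entries that grant write, delete or permission-change rights, matches the group by its well-known SID `S-1-1-0` instead of its display name, and also checks the share root folder.

```powershell
# Added example, not from the original article. Function and parameter names are assumptions.
function Find-EveryoneWriteAccess {
    param([Parameter(Mandatory)] [string] $SharePath)

    $everyoneSid = 'S-1-1-0'   # well-known SID of Everyone, identical on every locale
    # Rights that let the holder alter or remove data, or change its protection.
    $named = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    $riskyMask = [int]$named -bor 0x10000000 -bor 0x40000000   # plus GENERIC_ALL, GENERIC_WRITE

    # Get-ChildItem returns only descendants, so add the share root explicitly.
    $folders = @(Get-Item -LiteralPath $SharePath) +
        @(Get-ChildItem -LiteralPath $SharePath -Recurse -Directory -ErrorAction SilentlyContinue -ErrorVariable unreadable)
    foreach ($e in $unreadable) { Write-Warning "Skipped: $($e.TargetObject)" }

    foreach ($folder in $folders) {
        try { $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop }
        catch { Write-Warning "Cannot read ACL: $($folder.FullName)"; continue }

        # Request SIDs so the match does not depend on the localized group name.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            $isEveryone = $rule.IdentityReference.Value -eq $everyoneSid
            $isAllow    = $rule.AccessControlType -eq 'Allow'
            $isRisky    = ([int]$rule.FileSystemRights -band $riskyMask) -ne 0
            if ($isEveryone -and $isAllow -and $isRisky) {
                [pscustomobject]@{
                    'File Share Path' = $folder.FullName
                    FileSystemRights  = $rule.FileSystemRights
                    IsInherited       = $rule.IsInherited   # False = set on this folder
                    InheritanceFlags  = $rule.InheritanceFlags
                    PropagationFlags  = $rule.PropagationFlags
                }
            }
        }
    }
}

# Usage, with the article's two placeholders:
# Find-EveryoneWriteAccess -SharePath "File Share Path" |
#     Export-Csv ".csv File Name and Path" -NoTypeInformation
```

Rows with `IsInherited` set to `False` mark the folders where the entry was set directly, which is where the permission has to be corrected; inherited rows follow from those.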

Credits

Originally posted: https://start.netwrix.com/how_to_monitor_excessive_permissions_in_everyone_group_on_file_servers.html