Monitor Share and NTFS Permissions and E-Mail Changes

Recently I set out to find a way to get PowerShell to monitor NTFS and File permissions on a folder and file share. I wanted to know when permissions changed and how they changed (for example, Read permission changed to Write permission), to keep historical permission data I can reference, and to have the changes e-mailed to me when they happen.

To keep historical data, the script creates a new folder for each day it runs. The folder name is the date, formatted as MMddyyyy. The next day it runs, it imports the previous day's results and compares them to that day's results.

A folder is created each day the script is run, with a name that follows MMddyyyy.

Each time the script runs, it appends any permission changes to the results CSV file instead of overwriting previous results. This gives you an overview of what has changed and when, spanning more than a single day. The From and To columns of the CSV file show what each permission changed from and what it changed to. The Account column shows which account the permission changed for.
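The snapshot-and-compare flow described above, as an added example that is not the original script: it uses the built-in Get-Acl cmdlet instead of the NTFSSecurity module, covers NTFS permissions only, and compares against the most recent earlier snapshot rather than strictly the previous day. The paths, file names and function names are assumptions.

```powershell
# Added example (not the original script). Paths and file names are assumptions.
param(
    [string]$Target     = "$env:TEMP\AclDemo\Share",   # constructed demo folder to monitor
    [string]$ResultRoot = "$env:TEMP\AclDemo\Results"  # constructed results location
)
$Today    = Get-Date -Format 'MMddyyyy'
$TodayDir = Join-Path $ResultRoot $Today
New-Item -ItemType Directory -Path $Target, $TodayDir -Force | Out-Null

# One row per account; all of its ACEs are folded into a single sorted string
function Get-AclSnapshot ([string]$Path) {
    (Get-Acl -LiteralPath $Path).Access | Group-Object { $_.IdentityReference.Value } |
        ForEach-Object {
            $aces = $_.Group | ForEach-Object { "$($_.AccessControlType):$($_.FileSystemRights)" }
            [pscustomobject]@{ Account = $_.Name; Rights = ($aces | Sort-Object -Unique) -join '; ' }
        }
}

# Emit a row for every account that was added, removed, or whose rights differ
function Compare-AclSnapshot ($Previous, $Current, [string]$Path) {
    $old = @{}; foreach ($r in $Previous) { $old[$r.Account] = $r.Rights }
    $new = @{}; foreach ($r in $Current)  { $new[$r.Account] = $r.Rights }
    foreach ($account in (@($old.Keys) + @($new.Keys) | Sort-Object -Unique)) {
        if ($old[$account] -ne $new[$account]) {
            [pscustomobject]@{
                Date = Get-Date -Format 's'; Path = $Path; Account = $account
                From = if ($old.ContainsKey($account)) { $old[$account] } else { '(no access)' }
                To   = if ($new.ContainsKey($account)) { $new[$account] } else { '(removed)' }
            }
        }
    }
}

$Current = Get-AclSnapshot $Target
$Current | Export-Csv (Join-Path $TodayDir 'NTFS_Snapshot.csv') -NoTypeInformation

# Latest earlier snapshot. Parse the name: MMddyyyy does not sort correctly as text.
$PrevFile = Get-ChildItem $ResultRoot -Directory |
    Where-Object { $_.Name -match '^\d{8}$' -and $_.Name -ne $Today } |
    Sort-Object { [datetime]::ParseExact($_.Name, 'MMddyyyy', $null) } |
    ForEach-Object { Join-Path $_.FullName 'NTFS_Snapshot.csv' } |
    Where-Object { Test-Path $_ } | Select-Object -Last 1

if ($PrevFile) {
    $Changes = @(Compare-AclSnapshot (Import-Csv $PrevFile) $Current $Target)
    if ($Changes.Count) { $Changes | Export-Csv "$ResultRoot\NTFS_Changes.csv" -NoTypeInformation -Append }
    Write-Host "$($Changes.Count) NTFS permission change(s) on $Target since $PrevFile"
} else { Write-Host 'No earlier snapshot found; baseline saved.' }
```

Keep the results folder writable only by the account that runs the task, because anyone who can edit an earlier snapshot can make a permission change disappear from the comparison.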

When the script sees that permissions have changed for either NTFS or Share, it will e-mail you with an attachment like the one pictured above. If both NTFS and Share permissions changed, it will e-mail you both attachments; if only one (NTFS or Share) changed, it will only e-mail you the one that changed.

In my example I had it send mail using Office 365 by specifying my SMTP server as smtp.office365.com in the script. To send mail we used the Send-MailMessage cmdlet. Since Office 365 requires authentication, the script will create a credential PSObject and export it. This allows it to import the credential object the next time it runs and authenticate to Office 365 without the credential being stored in plain text.

The body of the e-mail will tell you which folder/share had a permission change. This can come in handy if you have it monitor multiple files/shares.

When the script runs, the console will show what it is doing at each step of the way. This is helpful if you need to troubleshoot an issue when setting it up in your environment.

For best results I recommend setting up a scheduled task that runs this script daily. If you want to monitor multiple folders/shares, set up a separate scheduled task for each, and don't forget to change the path where the results are stored so that each task stores its results in a different location and they do not overwrite one another.

The script requires the NTFSSecurity module, which you can install by launching PowerShell and running

Script:

My name is Bradley Wyatt; I am currently a Technology Specialist at Porcaro Stolarek Mete Partners which is headquartered in Chicago, Illinois. At PSM we provide solutions which are custom designed around the specific needs of each client.

One thought on “Monitor Share and NTFS Permissions and E-Mail Changes”

  1. Hi,

    Love this script.
    I am looking for a way for this audit to carry on down child items of a folder and list that in the csv too.
    Could you think of a way to do this?
