This document details how to scan and generate a LT Auditor+ Windows Folder Security Permissions Report to display individual group members for all assigned Group Security Principals on specified folders.
- LT Auditor+ framework installed
- Windows Assessment v2.0 and above
- Download and extract the SecurityFolderDetails.zip update from http://bldownloads.blob.core.windows.net/support/SecurityFolderDetails.zip to display the following folders
- Update the LT Auditor+ production database with DBPatch\DBPatch.sql script.
- Copy the file PowerShellScripts\SecurityFolderDetails.ps1 to the folder \Program Files\Blue Lance, Inc\LT Auditor+\Windows Assessment\PowerShellScripts on the machine that hosts the LT Auditor+ Windows Assessment Manager.
- Copy the contents of folder SQL Rpt to \Program Files\Blue Lance, Inc\LT Auditor+\Reporting Console\Rpt\Sql on machines that run the LT Auditor+ Reporting Console.
Setting up Windows Assessment Scans
As this scan requires access to Active Directory to retrieve information about group members, please ensure that required action listed in the table below has been performed.
When scheduling a scan, a new parameter ‘Built-In Security Principals’ has been included as shown below:
The Built-In Security Principals parameter allows exclusion of Windows Built-In accounts like Builtin\Administrators, Builtin\Users etc. The Default is set to exclude collection of built-in security principals, during the scan. To include built-in entities, set this parameter value to 1.
If scanning for a remote Folder Starting Path, enter the remote folder in UNC notation.
Example: To scan remotely for folder D:\Audit on a server called WINRMT enter: \\WINRMT\D$\Audit
A new report query statement has been included for reporting Security Permission details.
This query provided security permissions in a tabular format as shown below:
The column Group represents the following values
- Built-In if the security principal is a Windows system account
- Display the name of the group that was assigned as a security principal. The Security Principal column displays a group member for this group.
- Will not have any value if the security principal is a user or some other object.