Overview
This document details how to scan and generate a LT Auditor+ Windows Folder Security Permissions Report to display individual group members for all assigned Group Security Principals on specified folders.
Prerequisites
- LT Auditor+ framework installed
- Windows Assessment v2.0 and above
Setup Instructions
- Download and extract the SecurityFolderDetails.zip update from http://bldownloads.blob.core.windows.net/support/SecurityFolderDetails.zip to display the following folders
- Update the LT Auditor+ production database with DBPatch\DBPatch.sql script.
- Copy the file PowerShellScripts\SecurityFolderDetails.ps1 to the folder \Program Files\Blue Lance, Inc\LT Auditor+\Windows Assessment\PowerShellScripts on the machine that hosts the LT Auditor+ Windows Assessment Manager.
- Copy the contents of folder SQL Rpt to \Program Files\Blue Lance, Inc\LT Auditor+\Reporting Console\Rpt\Sql on machines that run the LT Auditor+ Reporting Console.
Setting up Windows Assessment Scans
Launch the LT Auditor+ Assessment Console and a new scan called SecurityFolderDetails should be visible as shown:
As this scan requires access to Active Directory to retrieve information about group members, please ensure that required action listed in the table below has been performed.
Note: For Scenario 1 above, ensure that organizational security policies permit installation of “RSAT-AD-PowerShell’ features on a machine that is not a Domain Controller.
When scheduling a scan, a new parameter ‘Built-In Security Principals’ has been included as shown below:
The Built-In Security Principals parameter allows exclusion of Windows Built-In accounts like Builtin\Administrators, Builtin\Users etc. The Default is set to exclude collection of built-in security principals, during the scan. To include built-in entities, set this parameter value to 1.
If scanning for a remote Folder Starting Path, enter the remote folder in UNC notation.
Example: To scan remotely for folder D:\Audit on a server called WINRMT enter: \\WINRMT\D$\Audit
Reporting
A new report query statement has been included for reporting Security Permission details.
This query provided security permissions in a tabular format as shown below:
The column Group represents the following values
- Built-In if the security principal is a Windows system account
- Display the name of the group that was assigned as a security principal. The Security Principal column displays a group member for this group.
- Will not have any value if the security principal is a user or some other object.