This document details how to scan and generate an LT Auditor+ Windows Folder Security Permissions Report that displays the individual group members for all Group Security Principals assigned on specified folders.


  • LT Auditor+ framework installed
  • Windows Assessment v2.0 and above

Setup Instructions

  • Download and extract the SecurityFolderDetails.zip update from http://bldownloads.blob.core.windows.net/support/SecurityFolderDetails.zip to display the following folders

  • Update the LT Auditor+ production database with the DBPatch\DBPatch.sql script.
  • Copy the file PowerShellScripts\SecurityFolderDetails.ps1 to the folder \Program Files\Blue Lance, Inc\LT Auditor+\Windows Assessment\PowerShellScripts on the machine that hosts the LT Auditor+ Windows Assessment Manager.
  • Copy the contents of folder SQL Rpt to \Program Files\Blue Lance, Inc\LT Auditor+\Reporting Console\Rpt\Sql on machines that run the LT Auditor+ Reporting Console.

Setting up Windows Assessment Scans

Launch the LT Auditor+ Assessment Console and a new scan called SecurityFolderDetails should be visible as shown:

As this scan requires access to Active Directory to retrieve information about group members, please ensure that the required action listed in the table below has been performed.


Note: For Scenario 1 above, ensure that organizational security policies permit installation of the “RSAT-AD-PowerShell” feature on a machine that is not a Domain Controller.

When scheduling a scan, a new parameter ‘Built-In Security Principals’ has been included as shown below:


The Built-In Security Principals parameter controls whether Windows built-in accounts such as Builtin\Administrators and Builtin\Users are collected. By default, built-in security principals are excluded from collection during the scan. To include built-in entities, set this parameter value to 1.

If scanning for a remote Folder Starting Path, enter the remote folder in UNC notation.

Example: To scan remotely for folder D:\Audit on a server called WINRMT enter: \\WINRMT\D$\Audit


A new report query statement has been included for reporting Security Permission details.


This query provides security permissions in a tabular format as shown below:


The Group column takes one of the following values:

  1. Built-In, if the security principal is a Windows system account.
  2. The name of the group that was assigned as a security principal. In this case the Security Principal column displays a member of this group.
  3. No value, if the security principal is a user or some other object.
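
To spot-check report rows independently of LT Auditor+, the following added example (not Blue Lance's SecurityFolderDetails.ps1, and not code from the original page) builds the same three kinds of Group value directly from folder ACLs. It assumes the ActiveDirectory module from RSAT-AD-PowerShell is installed; treating a principal as built-in when its SID has no account domain, and expanding nested groups recursively, are assumptions about how the scan classifies principals.

```powershell
# Added example: rebuild Group / Security Principal rows from folder ACLs for cross-checking.
param(
    [string]$StartPath = '\\WINRMT\D$\Audit',  # UNC example path from this page
    [int]$IncludeBuiltIn = 0                    # 0 = exclude built-in principals (default), 1 = include
)
Import-Module ActiveDirectory                   # provided by RSAT-AD-PowerShell

$sidType = [System.Security.Principal.SecurityIdentifier]
$folders = @(Get-Item -LiteralPath $StartPath) +
           @(Get-ChildItem -LiteralPath $StartPath -Directory -Recurse -ErrorAction SilentlyContinue)

$rows = foreach ($folder in $folders) {
    foreach ($rule in (Get-Acl -LiteralPath $folder.FullName).Access) {
        $sid = $rule.IdentityReference.Translate($sidType)
        $row = [ordered]@{
            Folder            = $folder.FullName
            Group             = ''
            SecurityPrincipal = $rule.IdentityReference.Value
            Rights            = $rule.FileSystemRights
            AccessType        = $rule.AccessControlType
            Inherited         = $rule.IsInherited
        }
        # Assumption: well-known and BUILTIN SIDs (no account domain part) count as built-in.
        if ($null -eq $sid.AccountDomainSid) {
            if ($IncludeBuiltIn -ne 1) { continue }
            $row.Group = 'Built-In'
            [pscustomobject]$row
            continue
        }
        # Look the SID up as an AD group; no match means a user or some other object.
        $group = Get-ADGroup -Filter "SID -eq '$($sid.Value)'"
        if (-not $group) { [pscustomobject]$row; continue }   # Group stays empty
        # One row per member; -Recursive also expands nested groups (assumption).
        foreach ($member in Get-ADGroupMember -Identity $group -Recursive) {
            $row.Group = $rule.IdentityReference.Value
            $row.SecurityPrincipal = $member.SamAccountName
            [pscustomobject]$row
        }
    }
}
$rows | Sort-Object Folder, Group, SecurityPrincipal | Format-Table -AutoSize
```

A group with no members produces no rows here, so an empty result for a folder does not mean the folder has no group ACEs.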