Overview

This document details how to scan for and generate an LT Auditor+ Windows Folder Security Permissions Report that displays the individual group members for all Group Security Principals assigned on specified folders.

Prerequisites

  • LT Auditor+ framework installed
  • Windows Assessment v2.0 and above

Setup Instructions

  • Download and extract the SecurityFolderDetails.zip update from http://bldownloads.blob.core.windows.net/support/SecurityFolderDetails.zip to display the following folders
    Image1

  • Update the LT Auditor+ production database with the DBPatch\DBPatch.sql script.
  • Copy the file PowerShellScripts\SecurityFolderDetails.ps1 to the folder \Program Files\Blue Lance, Inc\LT Auditor+\Windows Assessment\PowerShellScripts on the machine that hosts the LT Auditor+ Windows Assessment Manager.
  • Copy the contents of folder SQL Rpt to \Program Files\Blue Lance, Inc\LT Auditor+\Reporting Console\Rpt\Sql on machines that run the LT Auditor+ Reporting Console.

Setting up Windows Assessment Scans

Launch the LT Auditor+ Assessment Console. A new scan called SecurityFolderDetails should be visible, as shown:
image2

As this scan requires access to Active Directory to retrieve information about group members, please ensure that the required action listed in the table below has been performed.

Screen Shot 2015-08-21 at 12.55.11 AM

Note: For Scenario 1 above, ensure that organizational security policies permit installation of the ‘RSAT-AD-PowerShell’ feature on a machine that is not a Domain Controller.

When scheduling a scan, a new parameter ‘Built-In Security Principals’ has been included as shown below:

image3

The Built-In Security Principals parameter controls whether Windows built-in accounts such as Builtin\Administrators and Builtin\Users are collected. By default, built-in security principals are excluded from the scan. To include built-in entities, set this parameter value to 1.

If scanning for a remote Folder Starting Path, enter the remote folder in UNC notation.

Example: To scan remotely for folder D:\Audit on a server called WINRMT enter: \\WINRMT\D$\Audit

Reporting

A new report query statement has been included for reporting Security Permission details.

image4

This query provides security permissions in a tabular format as shown below:

image5

The Group column takes one of the following values:

  1. Built-In, if the security principal is a Windows system account.
  2. The name of the group that was assigned as a security principal. In this case the Security Principal column displays a member of this group.
  3. No value, if the security principal is a user or some other object.
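
The following added example (not Blue Lance's SecurityFolderDetails.ps1, and not taken from the product) sketches the logic this page describes: walk a folder tree, skip or label built-in principals according to the Built-In Security Principals setting, and emit one row per group member with the Group column filled in as listed above. The function name, the treatment of any well-known SID without an account domain as "built-in", and the recursive expansion of nested groups are assumptions made for the illustration.

```powershell
# Added illustration only; this is not Blue Lance's SecurityFolderDetails.ps1.
# Group expansion needs the ActiveDirectory module (RSAT-AD-PowerShell feature).
Import-Module ActiveDirectory

function Get-FolderPermissionRow {
    param(
        [Parameter(Mandatory)] [string] $FolderStartingPath,  # local path or UNC, e.g. \\WINRMT\D$\Audit
        [int] $IncludeBuiltIn = 0                              # 0 = skip built-ins (default), 1 = include
    )
    $folders = @(Get-Item -LiteralPath $FolderStartingPath) +
               @(Get-ChildItem -LiteralPath $FolderStartingPath -Directory -Recurse)
    foreach ($folder in $folders) {
        foreach ($ace in (Get-Acl -LiteralPath $folder.FullName).Access) {
            $name = $ace.IdentityReference.Value
            $row  = [ordered]@{
                Folder = $folder.FullName; Group = ''; SecurityPrincipal = $name
                Rights = $ace.FileSystemRights; Access = $ace.AccessControlType
            }
            try {
                $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier])
            } catch { [pscustomobject]$row; continue }   # unresolvable name: report as-is

            # Assumption: "built-in" = well-known SID with no account domain
            # (BUILTIN\Administrators, NT AUTHORITY\SYSTEM, Everyone, ...).
            if ($null -eq $sid.AccountDomainSid) {
                if ($IncludeBuiltIn -eq 1) { $row.Group = 'Built-In'; [pscustomobject]$row }
                continue
            }
            # Domain principal: ask AD whether it is a group.
            $adObject = Get-ADObject -Filter "objectSid -eq '$($sid.Value)'" -ErrorAction SilentlyContinue
            if ($adObject -and $adObject.ObjectClass -eq 'group') {
                # -Recursive also flattens nested groups (a choice made in this example).
                foreach ($member in Get-ADGroupMember -Identity $sid.Value -Recursive) {
                    $row.Group = $name                      # group named on the ACL
                    $row.SecurityPrincipal = $member.SamAccountName
                    [pscustomobject]$row                    # one row per member
                }
            } else {
                [pscustomobject]$row                        # user or other object: Group stays empty
            }
        }
    }
}

# Example: same UNC path as on this page, built-ins excluded (default).
# Get-FolderPermissionRow -FolderStartingPath '\\WINRMT\D$\Audit' | Format-Table -AutoSize
```

Local (non-domain) groups are not found in Active Directory, so this sketch reports them unexpanded with an empty Group value.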