Folder Permission Analyzer Tool
```powershell
<#
.SYNOPSIS
    Folder Permission Analyzer Tool

.DESCRIPTION
    This script analyzes and audits folder permissions on Windows systems,
    providing insights into access rights, inheritance, and potential security issues.

.NOTES
    File Name    : FolderPermissionAnalyzer.ps1
    Author       : [Your Name]
    Prerequisite : PowerShell V5.1 or later, administrator rights
    Version      : 1.0
    Date         : [Current Date]

.EXAMPLE
    .\FolderPermissionAnalyzer.ps1
#>

# Global variables
$global:reportPath = "$env:USERPROFILE\Desktop\Folder_Permission_Analysis_Report_$(Get-Date -Format 'yyyyMMdd_HHmmss').html"
$global:targetPath = ""

<#
.SYNOPSIS
    Displays the main menu of the tool.
#>
function Show-Menu {
    Clear-Host
    Write-Host "=== Folder Permission Analyzer Tool ===" -ForegroundColor Cyan
    Write-Host "Current Target Path: $global:targetPath"
    Write-Host "1. Set Target Folder Path"
    Write-Host "2. Analyze Folder Permissions"
    Write-Host "3. Check for Inherited Permissions"
    Write-Host "4. Identify Unique Permissions"
    Write-Host "5. Check for 'Everyone' Permissions"
    Write-Host "6. Analyze Nested Folder Permissions"
    Write-Host "7. Find Folders with Explicit Permissions"
    Write-Host "8. Generate Comprehensive HTML Report"
    Write-Host "9. Exit"
}

<#
.SYNOPSIS
    Sets the target folder path for analysis.
#>
function Set-TargetFolderPath {
    $path = Read-Host "Enter the full path of the target folder"
    if (Test-Path -Path $path -PathType Container) {
        $global:targetPath = $path
        Write-Host "Target folder path set to: $global:targetPath" -ForegroundColor Green
    } else {
        Write-Host "Invalid path or folder does not exist." -ForegroundColor Red
    }
}

<#
.SYNOPSIS
    Analyzes folder permissions.
.OUTPUTS
    Array of PSObjects containing folder permission details.
#>
function Analyze-FolderPermissions {
    Write-Host "`nAnalyzing Folder Permissions..." -ForegroundColor Yellow
    if ([string]::IsNullOrWhiteSpace($global:targetPath)) {
        Write-Host "Target folder path is not set. Please set it first." -ForegroundColor Red
        return $null
    }

    $acl = Get-Acl -Path $global:targetPath
    $results = @()
    foreach ($ace in $acl.Access) {
        $results += [PSCustomObject]@{
            FolderName        = Split-Path $global:targetPath -Leaf
            IdentityReference = $ace.IdentityReference
            AccessControlType = $ace.AccessControlType
            FileSystemRights  = $ace.FileSystemRights
            IsInherited       = $ace.IsInherited
            InheritanceFlags  = $ace.InheritanceFlags
            PropagationFlags  = $ace.PropagationFlags
        }
    }

    # Out-Host sends the table to the console only, so the formatting objects
    # do not end up in the function's return value (and later in the report).
    $results | Format-Table -AutoSize | Out-Host
    return $results
}

<#
.SYNOPSIS
    Checks for inherited permissions.
.OUTPUTS
    Array of PSObjects containing inherited permission details.
#>
function Check-InheritedPermissions {
    Write-Host "`nChecking for Inherited Permissions..." -ForegroundColor Yellow
    if ([string]::IsNullOrWhiteSpace($global:targetPath)) {
        Write-Host "Target folder path is not set. Please set it first." -ForegroundColor Red
        return $null
    }

    $acl = Get-Acl -Path $global:targetPath
    $results = @()
    foreach ($ace in $acl.Access | Where-Object { $_.IsInherited -eq $true }) {
        $results += [PSCustomObject]@{
            FolderName        = Split-Path $global:targetPath -Leaf
            IdentityReference = $ace.IdentityReference
            AccessControlType = $ace.AccessControlType
            FileSystemRights  = $ace.FileSystemRights
            InheritanceFlags  = $ace.InheritanceFlags
            PropagationFlags  = $ace.PropagationFlags
        }
    }

    $results | Format-Table -AutoSize | Out-Host
    return $results
}

<#
.SYNOPSIS
    Identifies unique permissions.
.OUTPUTS
    Array of PSObjects containing unique permission details.
#>
function Identify-UniquePermissions {
    Write-Host "`nIdentifying Unique Permissions..." -ForegroundColor Yellow
    if ([string]::IsNullOrWhiteSpace($global:targetPath)) {
        Write-Host "Target folder path is not set. Please set it first." -ForegroundColor Red
        return $null
    }

    $acl = Get-Acl -Path $global:targetPath
    $results = @()
    foreach ($ace in $acl.Access | Where-Object { $_.IsInherited -eq $false }) {
        $results += [PSCustomObject]@{
            FolderName        = Split-Path $global:targetPath -Leaf
            IdentityReference = $ace.IdentityReference
            AccessControlType = $ace.AccessControlType
            FileSystemRights  = $ace.FileSystemRights
            InheritanceFlags  = $ace.InheritanceFlags
            PropagationFlags  = $ace.PropagationFlags
        }
    }

    $results | Format-Table -AutoSize | Out-Host
    return $results
}

<#
.SYNOPSIS
    Checks for 'Everyone' permissions.
.OUTPUTS
    Array of PSObjects containing 'Everyone' permission details.
#>
function Check-EveryonePermissions {
    Write-Host "`nChecking for 'Everyone' Permissions..." -ForegroundColor Yellow
    if ([string]::IsNullOrWhiteSpace($global:targetPath)) {
        Write-Host "Target folder path is not set. Please set it first." -ForegroundColor Red
        return $null
    }

    $acl = Get-Acl -Path $global:targetPath
    $results = @()
    # Compare the account name string (.Value) of each ACE's identity.
    $broadAces = $acl.Access | Where-Object {
        $_.IdentityReference.Value -eq "Everyone" -or
        $_.IdentityReference.Value -eq "NT AUTHORITY\Authenticated Users"
    }
    foreach ($ace in $broadAces) {
        $results += [PSCustomObject]@{
            FolderName        = Split-Path $global:targetPath -Leaf
            IdentityReference = $ace.IdentityReference
            AccessControlType = $ace.AccessControlType
            FileSystemRights  = $ace.FileSystemRights
            IsInherited       = $ace.IsInherited
        }
    }

    $results | Format-Table -AutoSize | Out-Host
    return $results
}

<#
.SYNOPSIS
    Analyzes nested folder permissions.
.OUTPUTS
    Array of PSObjects containing nested folder permission details.
#>
function Analyze-NestedFolderPermissions {
    Write-Host "`nAnalyzing Nested Folder Permissions..." -ForegroundColor Yellow
    if ([string]::IsNullOrWhiteSpace($global:targetPath)) {
        Write-Host "Target folder path is not set. Please set it first." -ForegroundColor Red
        return $null
    }

    $results = @()
    # -Depth 2 limits the walk to a few levels below the target folder.
    $folders = Get-ChildItem -Path $global:targetPath -Directory -Recurse -Depth 2
    foreach ($folder in $folders) {
        $acl = Get-Acl -Path $folder.FullName
        foreach ($ace in $acl.Access) {
            $results += [PSCustomObject]@{
                FolderName        = $folder.Name
                FullPath          = $folder.FullName
                IdentityReference = $ace.IdentityReference
                AccessControlType = $ace.AccessControlType
                FileSystemRights  = $ace.FileSystemRights
                IsInherited       = $ace.IsInherited
            }
        }
    }

    $results | Format-Table -AutoSize | Out-Host
    return $results
}

<#
.SYNOPSIS
    Finds folders with explicit permissions.
.OUTPUTS
    Array of PSObjects containing folders with explicit permissions.
#>
function Find-FoldersWithExplicitPermissions {
    Write-Host "`nFinding Folders with Explicit Permissions..." -ForegroundColor Yellow
    if ([string]::IsNullOrWhiteSpace($global:targetPath)) {
        Write-Host "Target folder path is not set. Please set it first." -ForegroundColor Red
        return $null
    }

    $results = @()
    # No depth limit here: every subfolder below the target is visited.
    $folders = Get-ChildItem -Path $global:targetPath -Directory -Recurse
    foreach ($folder in $folders) {
        $acl = Get-Acl -Path $folder.FullName
        # Collect the non-inherited ACEs once and reuse the result for the count.
        $explicit = @($acl.Access | Where-Object { $_.IsInherited -eq $false })
        if ($explicit.Count -gt 0) {
            $results += [PSCustomObject]@{
                FolderName               = $folder.Name
                FullPath                 = $folder.FullName
                ExplicitPermissionsCount = $explicit.Count
            }
        }
    }

    $results | Format-Table -AutoSize | Out-Host
    return $results
}

<#
.SYNOPSIS
    Generates a comprehensive HTML report of all analyses.
.PARAMETER AllResults
    Hashtable containing all analysis results.
.OUTPUTS
    Saves an HTML report to the desktop.
#>
function Generate-HTMLReport {
    param([hashtable]$AllResults)

    Write-Host "`nGenerating Comprehensive HTML Report..." -ForegroundColor Yellow

    $reportContent = @"
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Folder Permission Analysis Report</title>
    <style>
        body { font-family: Arial, sans-serif; line-height: 1.6; color: #333; max-width: 1200px; margin: 0 auto; padding: 20px; }
        h1, h2, h3 { color: #0078D4; }
        table { border-collapse: collapse; width: 100%; margin-bottom: 20px; }
        th, td { border: 1px solid #ddd; padding: 8px; text-align: left; }
        th { background-color: #f2f2f2; }
    </style>
</head>
<body>
    <h1>Folder Permission Analysis Report</h1>
    <p>Generated on: $(Get-Date)</p>
    <p>Target Folder: $global:targetPath</p>

    <h2>Folder Permissions</h2>
    $($AllResults.FolderPermissions | ConvertTo-Html -Fragment)

    <h2>Inherited Permissions</h2>
    $($AllResults.InheritedPermissions | ConvertTo-Html -Fragment)

    <h2>Unique Permissions</h2>
    $($AllResults.UniquePermissions | ConvertTo-Html -Fragment)

    <h2>'Everyone' Permissions</h2>
    $($AllResults.EveryonePermissions | ConvertTo-Html -Fragment)

    <h2>Nested Folder Permissions</h2>
    $($AllResults.NestedPermissions | ConvertTo-Html -Fragment)

    <h2>Folders with Explicit Permissions</h2>
    $($AllResults.ExplicitPermissions | ConvertTo-Html -Fragment)
</body>
</html>
"@

    # Write the file as UTF-8 so it matches the charset declared in the page.
    $reportContent | Out-File -FilePath $global:reportPath -Encoding UTF8
    Write-Host "Report generated and saved to: $global:reportPath" -ForegroundColor Green
}

# Main program loop
$allResults = @{}
do {
    Show-Menu
    $choice = Read-Host "`nEnter your choice (1-9)"

    switch ($choice) {
        "1" { Set-TargetFolderPath }
        "2" { $allResults.FolderPermissions = Analyze-FolderPermissions }
        "3" { $allResults.InheritedPermissions = Check-InheritedPermissions }
        "4" { $allResults.UniquePermissions = Identify-UniquePermissions }
        "5" { $allResults.EveryonePermissions = Check-EveryonePermissions }
        "6" { $allResults.NestedPermissions = Analyze-NestedFolderPermissions }
        "7" { $allResults.ExplicitPermissions = Find-FoldersWithExplicitPermissions }
        "8" { Generate-HTMLReport -AllResults $allResults }
        "9" { Write-Host "Exiting program..." -ForegroundColor Yellow; break }
        default { Write-Host "Invalid choice. Please try again." -ForegroundColor Red }
    }

    if ($choice -ne "9") {
        Read-Host "`nPress Enter to continue..."
    }
} while ($choice -ne "9")
```

This Folder Permission Analyzer Tool includes:
- A menu-driven interface for easy navigation.
- Functions to analyze various aspects of folder permissions:
  - Analysis of folder permissions
  - Check for inherited permissions
  - Identification of unique permissions
  - Check for ‘Everyone’ permissions
  - Analysis of nested folder permissions
  - Finding folders with explicit permissions
- Ability to set a target folder path for analysis.
- Comprehensive error handling for each analysis function.
- A function to generate an HTML report of all collected data.
Key features:
- Detailed analysis of folder permissions, including access rights and inheritance
- Identification of inherited vs. unique permissions
- Detection of potentially risky ‘Everyone’ permissions
- Analysis of permissions on nested folders
- Identification of folders with explicit (non-inherited) permissions
- Comprehensive HTML report generation
This tool is particularly useful for:
- System administrators managing file system permissions
- Security professionals auditing folder access rights
- IT professionals troubleshooting permission-related issues
- Compliance officers ensuring proper file system security
To use this script effectively:
- Run PowerShell as an administrator
- Ensure you have the necessary permissions to access and read folder permissions
- Be cautious when analyzing large directory structures, as nested folder analysis can take a long time
This script provides a comprehensive overview of folder permissions, making it easier to audit and maintain proper access controls, identify potential security issues, and ensure the correct configuration of folder permissions across Windows systems.
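
The 'Everyone' check in the script (menu option 5) matches account names as strings, which are translated on non-English Windows, and it lists read-only grants alongside writable ones. The following added example (not part of the original script) matches well-known SIDs instead and reports only Allow ACEs that carry write-capable rights; the function name `Find-BroadWriteAccess`, the inclusion of BUILTIN\Users, and the choice of rights mask are assumptions made here.

```powershell
# Added example. Find-BroadWriteAccess is a hypothetical helper, not part of the original script.
function Find-BroadWriteAccess {
    param([Parameter(Mandatory)][string]$Path, [int]$Depth = 2)

    # Well-known SIDs are identical on every Windows language edition.
    $broadSids = @{
        'S-1-1-0'      = 'Everyone'
        'S-1-5-11'     = 'Authenticated Users'
        'S-1-5-32-545' = 'BUILTIN\Users'
    }
    # Rights that allow changing content or the ACL, plus the raw GENERIC_WRITE and
    # GENERIC_ALL bits (0x50000000) that inherit-only ACEs can carry unmapped.
    $rights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
    $writeMask = [int]$rights -bor 0x50000000

    $folders = @(Get-Item -LiteralPath $Path) +
               @(Get-ChildItem -LiteralPath $Path -Directory -Recurse -Depth $Depth -ErrorAction SilentlyContinue)
    foreach ($folder in $folders) {
        try { $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop }
        catch { Write-Warning "Cannot read ACL: $($folder.FullName)"; continue }

        # Request SIDs directly instead of translated account names.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($ace in $rules) {
            $sid = $ace.IdentityReference.Value
            $canWrite = ([int]$ace.FileSystemRights -band $writeMask) -ne 0
            if ($ace.AccessControlType -eq 'Allow' -and $broadSids.ContainsKey($sid) -and $canWrite) {
                [PSCustomObject]@{
                    FullPath         = $folder.FullName
                    Principal        = $broadSids[$sid]
                    FileSystemRights = $ace.FileSystemRights
                    IsInherited      = $ace.IsInherited
                }
            }
        }
    }
}

# Constructed demo: a temporary folder with an explicit Everyone:Modify ACE.
$demo = Join-Path $env:TEMP "acl-demo-$(Get-Random)"
New-Item -ItemType Directory -Path $demo | Out-Null
$everyone = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
$rule = [System.Security.AccessControl.FileSystemAccessRule]::new($everyone, 'Modify',
    'ContainerInherit, ObjectInherit', 'None', 'Allow')
$acl = Get-Acl -LiteralPath $demo
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $demo -AclObject $acl
Find-BroadWriteAccess -Path $demo | Format-Table -AutoSize
Remove-Item -LiteralPath $demo -Recurse -Force
```

The function emits objects rather than formatted text, so its output can be piped to `Export-Csv` or `ConvertTo-Html -Fragment` in the same way as the script's own results.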