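This is a simple way to find risky NTFS permissions.
In this example we take every folder listed in the system's Path environment variable. These paths are a potential weak point and should be protected with NTFS permissions that grant access only to the Administrators group or the system account.
Software installers often add their own entries to the environment variables but may not protect their own folders, which can increase the security risk. The script below finds these potential risks.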
```powershell
# list of paths to check for dangerous NTFS permissions
# (empty and non-existent PATH entries are skipped so Get-Acl does not fail)
$pathsToCheck = $env:Path -split ';' |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# these are the bits to watch for
# if *any* one of these is set, the folder is reported
# (0xD0156: WriteData/CreateFiles, AppendData, WriteExtendedAttributes,
#  DeleteSubdirectoriesAndFiles, WriteAttributes, Delete, ChangePermissions, TakeOwnership)
$dangerousBitsMask = '011010000000101010110'
$dangerousBits = [Convert]::ToInt64($dangerousBitsMask, 2)

# check all paths...
$pathsToCheck | ForEach-Object {
    $path = $_
    # ...get NTFS security descriptor...
    $acl = Get-Acl -LiteralPath $path
    # ...check for any "dangerous" access right
    $acl.Access |
        Where-Object { $_.AccessControlType -eq 'Allow' } |
        Where-Object { ($_.FileSystemRights -band $dangerousBits) -ne 0 } |
        ForEach-Object {
            # ...append path information, and display filesystem rights as bitmask
            $ace = $_
            $bitmask = ('0' * 64) + [Convert]::ToString([int]$ace.FileSystemRights, 2)
            $bitmask = $bitmask.Substring($bitmask.Length - 64)
            $ace |
                Add-Member -MemberType NoteProperty -Name Path -Value $path -PassThru |
                Add-Member -MemberType NoteProperty -Name Rights -Value $bitmask -PassThru
        }
} |
    Sort-Object -Property IdentityReference |
    Select-Object -Property IdentityReference, Path, Rights, FileSystemRights |
    Out-GridView
```
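The script above also lists entries for the Administrators group and the system account, which the text names as the expected holders of these rights. The following added example (not part of the original article) reuses the same bit mask but reports only entries for other identities. The list of trusted SIDs, which also includes TrustedInstaller, and the output property names are assumptions of this example.

```powershell
# Added example: same mask as the script above, limited to untrusted identities
$dangerousBits = [Convert]::ToInt64('011010000000101010110', 2)

# Well-known SIDs treated as trusted here (an assumption of this example);
# comparing SIDs instead of names keeps the check independent of the OS language
$trustedSids = @(
    'S-1-5-32-544'   # BUILTIN\Administrators
    'S-1-5-18'       # NT AUTHORITY\SYSTEM
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # NT SERVICE\TrustedInstaller
)
$sidType = [System.Security.Principal.SecurityIdentifier]

$env:Path -split ';' |
    ForEach-Object { $_.Trim().Trim('"') } |
    Where-Object { $_ -and (Test-Path -LiteralPath $_ -PathType Container) } |
    Select-Object -Unique |
    ForEach-Object {
        $path = $_
        $acl = Get-Acl -LiteralPath $path -ErrorAction SilentlyContinue
        if (-not $acl) { return }   # unreadable descriptor: skip this folder

        # explicit and inherited rules, with identities returned as SIDs
        $acl.GetAccessRules($true, $true, $sidType) |
            Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                $trustedSids -notcontains $_.IdentityReference.Value -and
                ([int]$_.FileSystemRights -band $dangerousBits) -ne 0
            } |
            ForEach-Object {
                $sid = $_.IdentityReference
                try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
                catch { $name = $sid.Value }   # orphaned SID that no longer resolves

                # keep only the dangerous bits; the enum prints them as right names
                $risky = [int]([int]$_.FileSystemRights -band $dangerousBits)
                [pscustomobject]@{
                    Path        = $path
                    Identity    = $name
                    RiskyRights = [System.Security.AccessControl.FileSystemRights]$risky
                    Inherited   = $_.IsInherited
                }
            }
    } |
    Sort-Object -Property Identity, Path
```

Entries marked `Inherited` have to be corrected on the parent folder that defines them, not on the PATH folder itself.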
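Original article: Identifying Risky NTFS Permissions
Link to this article: https://www.pstips.net/identifying-risky-ntfs-permissions.html
Please respect the hard work of the original author and the editor. Reposting is welcome, provided the source is credited!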