Powershell检查NTFS权限


这是一个简单的找出NTFS的风险方法,

实例中,我们得到了系统中所有的环境变量。这些路径是有隐患的应该用NTFS权限保护,应该仅允许管理员组或系统账户使用。

通常软件安装都会添加他们自己的环境变量,但可能并没有保护自身的文件夹。这可能会增加安全风险。下面脚本将找出这类潜在的风险

# list of paths to check for dangerous NTFS permissions
$pathsToCheck = $env:Path -split ';'

# these are the bits to watch for
# if *any* one of these is set, the folder is reported
$dangerousBitsMask = '011010000000101010110'
$dangerousBits = [Convert]::ToInt64($dangerousBitsMask, 2)

# check all paths...
$pathsToCheck | 
ForEach-Object { 
  $path = $_
  # ...get NTFS security descriptor...
  $acl = Get-Acl -Path  $path
  # ...check for any "dangerous" access right
  $acl.Access |
  Where-Object { $_.AccessControlType -eq 'Allow' } |
  Where-Object { ($_.FileSystemRights -band $dangerousBits) -ne 0 } |
  ForEach-Object {
    # ...append path information, and display filesystem rights as bitmask
    $ace = $_
    $bitmask = ('0' * 64) + [Convert]::toString([int]$ace.FileSystemRights, 2)
    $bitmask = $bitmask.Substring($bitmask.length - 64)
    $ace | Add-Member -MemberType NoteProperty -Name Path -Value $path -PassThru | Add-Member -MemberType NoteProperty -Name Rights -Value $bitmask -PassThru
  }
} |
Sort-Object -Property IdentityReference |
Select-Object -Property IdentityReference, Path, Rights, FileSystemRights |
Out-GridView

原文地址:Identifying Risky NTFS Permissions

本文链接: https://www.pstips.net/identifying-risky-ntfs-permissions.html
请尊重原作者和编辑的辛勤劳动,欢迎转载,并注明出处!

发表评论

您的电子邮箱地址不会被公开。 必填项已用 * 标注