
SMB Audit System

Version: 2.0
Last Modified: February 3, 2026
Author: Doug Hesseltine

Check if your computers are ready for required SMB signing before enforcing it domain-wide.

What Does This Do?

This tool checks every computer in your domain to see whether it has SMB signing turned on. It creates a report showing which computers are ready and which ones need to be fixed.

Safe to Run

The audit script only reads information. It does NOT make any changes to your computers.

Why Do I Need This?

Download

Get the Complete Package

Download: smb_audit.zip

What's Inside

The ZIP file contains 5 PowerShell scripts:

Deploy-smb_auditSystem.ps1

Run this FIRST on your Domain Controller. It sets everything up and copies files to the right place.

SMB_Audit.ps1

This checks one computer's SMB settings and saves the results. Deploy this to all computers via N-Central.

N-Central-smb_audit_Launch.ps1

Optional launcher for N-Central. Runs SMB_Audit.ps1 from the network location automatically.

Analyze-smb_audit.ps1

Reads all the audit results and creates an easy-to-read HTML report showing compliance status.

Cleanup-smb_auditShare.ps1

Run this AFTER auditing is complete to remove "Everyone" permissions from the log share for security.

Quick Start Guide

Step 1: Download and Extract

  1. Download smb_audit.zip
  2. Extract it to a folder on your Domain Controller (example: C:\Temp\smb_audit)

Step 2: Run the Setup

  1. Open PowerShell as Administrator
  2. Go to the folder: cd C:\Temp\smb_audit
  3. Run: .\Deploy-smb_auditSystem.ps1
  4. Enter your company name when asked
  5. Enter where to save logs (example: \\YourServer\smb_audit)
    • Note: Creating a new dedicated share is preferred, but you can use a subfolder in an existing share depending on the client's configuration.

The script will create the network folder and copy everything to NETLOGON.

TIP: Script Blocked by Execution Policy?

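If PowerShell blocks the script, you can bypass the execution policy for this one run. The bypass applies only to the PowerShell process started by the command below and does not change the policy configured on the machine: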

PowerShell.exe -ExecutionPolicy Bypass -File .\Deploy-smb_auditSystem.ps1

Learn more: PowerShell Execution Policy Bypass Methods

Step 3: Run the Audit on Computers

Use N-Central to run SMB_Audit.ps1 on all computers, or run it manually:

.\SMB_Audit.ps1

Each computer saves its results to the network share automatically.

Step 4: Check the Report

After computers have run the audit, create the report:

.\Analyze-smb_audit.ps1

Press Enter to use the default location. The report opens in your web browser.

WAIT FOR 100% Before Making Changes!

Do NOT turn on required SMB signing at the domain level until the report shows 100% compliance. If you do it too early, computers will lose access to file shares!

Step 5: Clean Up When Done

Important Security Step

After all audits are collected and you're done using the tool, run the cleanup script to secure the log share:

.\Cleanup-smb_auditShare.ps1

This removes "Everyone" permissions so only administrators can access the logs.

NOTE: If you need to run audits again later, just re-run .\Deploy-smb_auditSystem.ps1 to reset permissions.

What Each Script Does

Deploy-smb_auditSystem.ps1

Purpose: Initial setup - run this first

What it does:

  • Asks for your company name and log folder location
  • Creates the network folder if it doesn't exist
  • Copies all scripts to NETLOGON\smb_audit on your domain
  • Creates a config file so other scripts know where to save results

When to run: Once at the beginning, or again if you need to reset permissions

SMB_Audit.ps1

Purpose: Collect SMB settings from one computer

What it does:

  • Checks the computer's SMB signing settings
  • Automatically finds the domain and reads the config from NETLOGON
  • Saves results to the network share (one CSV file per computer)
  • Does NOT change any settings - read-only

When to run: On every computer you want to audit (via N-Central or manually)
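
To spot-check a single machine by hand, the following added example (not one of the scripts in smb_audit.zip) reads the local SMB signing requirement without changing anything. It assumes that "compliant" means signing is required on both the SMB client and the SMB server side; the function names and the output fields are this example's own.

```powershell
# Added example, not part of smb_audit.zip. Read-only: only Get-* calls are used.
# Assumption: "compliant" means signing is required on BOTH the SMB client and server.
function Get-SigningRequirement {
    param([Parameter(Mandatory)][ValidateSet('Client', 'Server')][string]$Role)
    try {
        # Preferred source: the SMB cmdlets (Windows 8 / Server 2012 and later).
        $cfg = if ($Role -eq 'Client') {
            Get-SmbClientConfiguration -ErrorAction Stop
        } else {
            Get-SmbServerConfiguration -ErrorAction Stop
        }
        [pscustomobject]@{ Required = [bool]$cfg.RequireSecuritySignature; Source = 'Cmdlet' }
    }
    catch {
        # Fallback (cmdlet missing or access denied): read the registry value directly.
        $svc = if ($Role -eq 'Client') { 'LanmanWorkstation' } else { 'LanmanServer' }
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc\Parameters"
        $prop = Get-ItemProperty -Path $key -Name RequireSecuritySignature -ErrorAction SilentlyContinue
        # A missing value means the OS default applies, which varies by Windows
        # version, so report "unknown" ($null) instead of guessing.
        $required = if ($null -eq $prop) { $null } else { $prop.RequireSecuritySignature -eq 1 }
        [pscustomobject]@{ Required = $required; Source = 'Registry' }
    }
}

function Get-SmbSigningState {
    $client = Get-SigningRequirement -Role Client
    $server = Get-SigningRequirement -Role Server
    $status = if ($null -eq $client.Required -or $null -eq $server.Required) {
        'Unknown'
    } elseif ($client.Required -and $server.Required) {
        'Compliant'
    } else {
        'NotCompliant'
    }
    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        ClientRequired = $client.Required
        ClientSource   = $client.Source
        ServerRequired = $server.Required
        ServerSource   = $server.Source
        Status         = $status
    }
}

Get-SmbSigningState | Format-List
```

A Status of Unknown means the requirement could not be read from the cmdlets and is not set explicitly in the registry; re-run from an elevated PowerShell session to get the effective value.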

N-Central-smb_audit_Launch.ps1

Purpose: Optional N-Central launcher

What it does:

  • Finds the domain automatically
  • Runs SMB_Audit.ps1 from NETLOGON location
  • Good for N-Central automation

When to run: Use this in N-Central instead of SMB_Audit.ps1 if you prefer

Analyze-smb_audit.ps1

Purpose: Create the compliance report

What it does:

  • Reads all the CSV files from the network share
  • Combines them into one report
  • Shows you how many computers are ready (percentage)
  • Creates a color-coded HTML file that opens in your browser
  • Lets you save the report in the logs folder or locally

When to run: Whenever you want to check progress

Cleanup-smb_auditShare.ps1

Purpose: Secure the log share when done

What it does:

  • Removes "Everyone" permissions from the log share
  • Keeps access for Domain Admins and Domain Controllers
  • Makes the share more secure

When to run: After you're done collecting audits and don't need computers writing to the share anymore
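
After cleanup, it is worth confirming that no broad group can still reach the logs. The following added example (not one of the scripts in smb_audit.zip) goes one step beyond the share permissions described above and also inspects the NTFS permissions on the shared folder. It assumes the share is named smb_audit as in the examples on this page; the list of "broad" principals and the function name are this example's own choices.

```powershell
# Added example, not part of smb_audit.zip. Read-only; run elevated on the
# server that hosts the log share.
# Assumptions: share name "smb_audit"; the principal list below is illustrative.
function Test-AuditShareLockdown {
    param(
        [string]$ShareName = 'smb_audit',
        [string[]]$BroadPrincipals = @('Everyone', 'Authenticated Users',
                                       'Domain Users', 'Domain Computers')
    )

    $share = Get-SmbShare -Name $ShareName -ErrorAction Stop

    # Match "Everyone" as well as "DOMAIN\Domain Users" style names.
    $names   = ($BroadPrincipals | ForEach-Object { [regex]::Escape($_) }) -join '|'
    $pattern = '(^|\\)({0})$' -f $names

    # Layer 1: share-level permissions.
    $shareHits = Get-SmbShareAccess -Name $ShareName |
        Where-Object { $_.AccessControlType -eq 'Allow' -and $_.AccountName -match $pattern } |
        ForEach-Object {
            [pscustomobject]@{ Layer = 'Share'; Principal = $_.AccountName; Rights = "$($_.AccessRight)" }
        }

    # Layer 2: NTFS permissions on the folder behind the share.
    $ntfsHits = (Get-Acl -Path $share.Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -match $pattern } |
        ForEach-Object {
            [pscustomobject]@{ Layer = 'NTFS'; Principal = $_.IdentityReference.Value; Rights = "$($_.FileSystemRights)" }
        }

    $findings = @($shareHits) + @($ntfsHits)
    [pscustomobject]@{
        Share      = $ShareName
        Path       = $share.Path
        LockedDown = ($findings.Count -eq 0)
        Findings   = $findings
    }
}

$result = Test-AuditShareLockdown
$result | Format-List Share, Path, LockedDown
$result.Findings | Format-Table -AutoSize
```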

The Complete Process

Overview

Here's the full workflow from start to finish:

  1. Setup: Run Deploy-smb_auditSystem.ps1 on Domain Controller
  2. Collect Data: Run SMB_Audit.ps1 on all computers (via N-Central or manually)
  3. Check Progress: Run Analyze-smb_audit.ps1 to see compliance percentage
  4. Fix Computers: Use Group Policy to enable SMB signing on non-compliant computers
  5. Repeat: Run audits again and check progress until 100%
  6. Enforce: When at 100%, enable required SMB signing at domain level
  7. Secure: Run Cleanup-smb_auditShare.ps1 to remove "Everyone" permissions

Understanding the Report

The HTML report uses colors to show status:

What "Compliant" Means

A computer is fully compliant when BOTH of these are set to "Required":

Common Problems

Can't Find Scripts in NETLOGON

Check if they're there:

dir \\YourDomain\NETLOGON\smb_audit

If empty, run deploy again:

.\Deploy-smb_auditSystem.ps1

Can't Access Network Share

Test if you can reach it:

Test-Path \\YourServer\smb_audit

Check permissions:

Get-SmbShareAccess -Name "smb_audit"

No CSV Files Found

Possible reasons:

  • Audits haven't run on computers yet
  • Computers can't write to the network share
  • Wrong path specified

Check the folder:

dir \\YourServer\smb_audit\*.csv