File sharing in Google Drive is a lot like handing out spare keys. It starts with one “quick share,” then months later you can’t remember who has a copy, who can edit, and which link is still floating around in a chat thread.
A google drive sharing audit doesn’t need a full security project. With a timer, a few search operators, and the right clicks in today’s (early 2026) Drive interface, you can find the riskiest shares and shut them down in one sitting.
Your 20-minute Google Drive sharing audit (minute-by-minute) + printable checklist
Set a 20-minute timer and stay strict. The goal is to find exposure fast, then fix the highest-risk items first.
The 20-minute timer plan
- Minute 0 to 2: Prep Open Drive on the web at drive.google.com. Use a normal browser window (not incognito) so you can change access quickly. In the top-right, confirm you’re in the right account.
- Minute 2 to 6: Find public and link-shared files
In the Drive search bar, run
is:publicfirst. Then trysharing:public(Google sometimes changes which one returns results). - Minute 6 to 10: Find externally shared items you own
Search
owner:meand use the search filters (slider or filter icon in the search bar) to narrow Shared with to people outside your org, if the option appears. If not, sort by “Shared” and focus on files with the shared icon. - Minute 10 to 15: Check top folders for inherited sharing Open your top 3 work folders (or any folder that “contains everything”). Right-click the folder, choose Share, then Manage access (or Advanced) and review who is listed.
- Minute 15 to 18: Spot sneaky editors For your most sensitive file or folder, right-click it, select View details, then open the Activity tab. Look for edits at odd times, unknown names, or bursts of access changes.
- Minute 18 to 20: Verify and record Re-check the most important item’s link status (Share panel), then note what you changed so you can repeat the audit later.
Printable checklist (quick reference)
| Check | Where to click in Drive (web) | What “good” looks like |
|---|---|---|
| Public on web | Search is:public | No results, or you remove public access |
| Anyone with link | File, Share (top-right), Get link | Restricted unless it’s meant to be link-shared |
| Unexpected editors | Share → Manage access | Only required editors, most people are Viewer/Commenter |
| Inherited access | Folder Share → Manage access | Folder sharing is tight, no broad groups |
| Recent changes | Right-click → View details → Activity | Changes match real work, not surprises |
| Download/copy/print | Share → Settings (gear icon) | Off for sensitive files when available |
If you want context on how teams approach Drive permission reporting at scale, Folgo’s overview of auditing Google Drive permissions is a helpful reference.
Find public files, old links, and external shares with Drive search operators
In early 2026, Drive’s layout has more padding and rounded containers, but the search bar still does the heavy lifting. Start broad, then narrow.
Run these searches first (copy and paste)
is:public
Pulls items visible to anyone, or published to the web. If it returns nothing, trysharing:public.owner:me is:public
Focuses on public items you can actually fix.owner:me older_than:1y
This is your “stale content” list. Old files are where forgotten links hide.owner:me older_than:1y (spreadsheet OR document OR presentation)
Not every Drive account supports parentheses the same way, so if this fails, run separate searches bytype:spreadsheet,type:document, andtype:presentation.owner:meplus the search filter for Shared with
Click the search filter icon and set Owner: Me, then use Shared with if it offers “Outside your organization” (some Workspace domains show this). If your UI doesn’t show that filter, you can still review sharing from the Share panel on each high-risk file.
A good mental model is: search finds candidates, the Share dialog confirms the truth.
For more background on identifying public links in Drive, Strac’s explainer on finding publicly shared files matches what most users see in practice, even when Google shifts labels.
Don’t forget the “old links” trap
Drive doesn’t give you a neat “expired links” report. A file shared with “Anyone with the link” in 2022 can still be open today unless you changed it. Your best shortcuts are:
- Search for older content with
older_than:1y, then check Share → Get link. - Use View details → Activity to spot link sharing changes, permission edits, and unusual access patterns.
Change permissions safely, catch sneaky editors, and verify your fixes
Once you’ve found risky files, fix them in a way that doesn’t break real work.
Read the Share panel like an investigator
Select a file, click Share (top-right). In the dialog:
- Under People with access, scan for names you don’t recognize and any Editor roles that feel too broad.
- Under General access (or Get link), watch for Anyone with the link and Public on the web.
If the dialog shows Manage access, open it. Some accounts still show Advanced instead. Both lead to the full permission list.
Safe permission moves (and when to use them)
- Change Editor to Commenter or Viewer: Use this when someone needs visibility, not control. It reduces risk of accidental resharing and silent edits.
- Remove access: In Manage access, click the role dropdown next to a person, then choose Remove. Do this when the person is no longer involved.
- Set expiration dates: In many Workspace setups, you can add expiration for Viewer or Commenter. Open the person’s access row, choose Add expiration. If you don’t see it, your org may disable it, or the target is a group.
- Turn off download, copy, print (where available): In the Share dialog, click the Settings gear. Toggle off the option that lets viewers and commenters download, print, or copy. This usually applies to files, not folders.
How “sneaky editors” happen (and how to remove them)
Most surprise editors come from three places:
- Inherited folder permissions: If a folder is shared widely, every file inside inherits that access. In Manage access, look for hints like “Inherited from” or a folder reference. Open the folder’s Share settings and tighten them there.
- Shared drive membership (Workspace): In shared drives, access often follows membership rules. If someone is a member with Content manager style rights, they can gain broad edit power. Fix it at the shared drive level, not file-by-file.
- Group-based access: You might see a Google Group (like team-all@) listed as an Editor. If that group is large, it’s a quiet way to create too many editors at once. Replace the group with a smaller group, or drop it to Viewer.
To confirm suspicious behavior, open the file’s audit trail: right-click the file, choose View details, then Activity. If you need a deeper admin-focused view of sharing risk patterns, GAT Labs’ guide on Google Drive file sharing audits is a solid starting point.
Common pitfalls and a quick verification step
Pitfalls that waste time:
- Folder sharing that quietly grants file access.
- “Anyone with the link” used for one external contractor, then forgotten.
- Files embedded on websites or wikis. Changing access can break the embed.
- Shared drives where membership overrides your file-level intent.
After you change sharing, verify one critical file: copy the link, open an incognito window, paste it, and confirm it no longer opens (or it prompts for sign-in). Back in Drive, open Share again and confirm General access shows Restricted (or the exact setting you intended).
A simple ongoing policy you can keep
Run a light review monthly for teams that share outside the org, quarterly for everyone else. Default to Restricted, share to named people, and treat “Anyone with the link” as a time-limited exception you clean up fast.
When sharing feels convenient, remember the spare key problem. A 20-minute google drive sharing audit keeps convenience from turning into exposure.
