What is Permission Analyzer?

Permission Analyzer reports NTFS permissions from the file system combined with user and group data from the Active Directory. All data is stored in a local database and can be retrieved to create overviews of permissions per group or user. You will be able to monitor permissions for entire user groups and receive notifications if undesired permissions are found within your network.

List and filter server permissions, Embedded or external database, use HTML and CSV exports, Modify server permissions, scan the Windows network once and run fast overviews, define audit policies and receive security alerts.

Main Features

Scanning the Windows network and NTFS server permissions

Scanning the Windows network and NTFS server permissions

Configure the directories and LDAP Organizational Units to scan. All directory information and group memberships from Active Directory are saved in a local database file. Run the scan whenever you like or schedule an automated scan. Permission Analyzer supports an external database, allowing multiple workstations to share the same information source.

Viewing server permissions and applying filters

All information is saved on a database, allowing you to conduct targeted search queries in seconds, instead of scanning the whole network every time you want to apply a new filter. Add filters for specific members, all members of a group or LDAP OU, permissions or folders.

List server permissions

Trace NTFS permissions per user or group and track the origin of permissions.

Tracing user and group permissions

The main overview provides an aggregated summary of all server permissions found and may contain the permissions of multiple users or groups. The Trace function is part of the overview and shows you the origin of permissions for a specific user or group and folder (via the group membership or parent folder they have been inherited). Use this view to zoom in on your search results.

Auditing server permissions

Open the audit dashboard to view statistics about the permissions found in the network. The dashboard contains charts for three different categories, “Users and groups”, “Permissions” and “Folder and files”. They show usefull information like a top 25 of users with the most explicit permissions or the balance between different permissions in the network.

Audit server permissions
Creating HTML and CSV exports and security audit policies

Creating HTML and CSV exports and security audit policies

Save your filters as report and export them to HTML or CSV and e-mail. Use Permission Analyzer to run reports automatically using command-line parameters. Save your filters as audit policies and receive e-mail notifications if your policy report contains unwanted permissions.

Modifying server permissions

Quickly modify server permissions from within the application. At the bottom of the search result screen is a tab that allows you to review and modify the Access Control List (ACL) of the selected directory or file. The ACL view corresponds to the Security tab in Windows’ file properties. You will be able to only show Access Control Entries (ACE) that meet the filter criteria by ticking the checkbox “Apply filter on ACL list”. The ACL view toolbar contains a button to directly modify the selected ACE on the file system. Permission Analyzer uses the same Windows mechanisms as the Security tab. When modifying permission through Permission Analyzer, information in the database is updated immediately.

Modifying server permissions
Inspecting nested group memberships

Inspecting nested group memberships

You will be able to request the details of a member or group at various points throughout the application: in the ACL view, Trace view, Member filters or search window for member selection. The member dialogue window shows both memberOf data as well as the members in the case of a group. In both cases nested memberships will also be shown.

Give your feedback

Forgot password?

(*) Required fields

I agree with OptimaSales Terms & Privacy Policy