Permission Analyzer supports any version of Active Directory and the scan can take place from any Windows machine within your domain.

Permission Analyzer’s trial version is limited to 2 root directories (unlimited depth of sub directories), 3 member filters and the export to HTML/CSV is limited to a depth of 3 sub directories. If you’d like to try out one of the editions, then just fill out the trial request form.

Permission Analyzer requires no installation, just extract the zip file and run the application! Note that if you extract the application into the Program Files folder of Windows you might run into Windows permission issues, since the application stores information in the application directory. You can run the Permission Analyzer as Administrator or unzip the application into another directory than Program Files.

Version: 2.3.3   (January 29, 2017)

Windows-64bitPermission Analyzer 64-bit

Windows-32bitPermission Analyzer 32-bit

Download the update package (5MB) if you already have Permission Analyzer without an Internet connection for the update service. Extract the zip file in the application directory and start run_update.bat

Give feedback

Version history

2.3.3 (January 29, 2017)
  • Added file owners to the overviews, including a filter on the account name of an owner
  • Added the option to display ownership ratio in the overview (this is default disabled because of the performance impact, but can be enabled in the preferences)
  • Added the option to change the ownership and file inheritance in the context menu of the folder tree
  • Added two new report types: “Groups and nested members” and “Groups and direct members”
  • Added the option to add a server name in the scan list (instead of a directory or network share). The application will scan all the shares of that server, except the hidden drives like c$ and the shares admin$, print$ and ipc$. Use the command-line parameter “-includeSharedDrives” to scan hidden drives like c$ as well.
2.3.2 (November 14, 2016)
Added efficiencies in the scanning process, making scanning much faster.
2.3.1 (November 5, 2016)
Added the feature to import a text file generated by a given PowerShell script.
2.3.0 (October 7, 2016)
  • Created a better separation between reports and policies, including a dialog that shows the current status of all your policies.
  • Added a wizard to create a new policy
  • Renamed the report types and added a new report type that orders the data by user/group
2.2.1 (August 14, 2016)
Added two new tabs in the Report View. One tab with the members of the selected directory and their effective permissions and one tab that displays all users and groups that have been found in the directory tree, including their ACE’s.
2.2.0 (June 19, 2016)
  • Support for Scan Agents that run locally on the file server and submit their information to a central database. The previous version would always truncate the existing data from the database, this is now configurable in the Scan View.
  • A new checkbox has been introduced in the Scan View to exclude inherited permissions from the scan. So besides excluding them in the overview, they can now be excluded from the database completely. This means the database will be a lot smaller (and faster) in that case.
  • The export reports contain a new column with the number of members per directory.
  • Uchecking the member column in the HTML report will now hide the whole ACE row.
  • The HTML reports have a new icon to copy the file path quickly to the clipboard.
2.1.2 (May 06, 2016)
Added support for long file paths (Windows MAX_PATH limitation).
2.1.1 (April 03, 2016)
A new panel has been added to display all members that have been found in the results after the filters are applied.
2.1.0 (February 13, 2016)
A new audit dashboard with 18 charts showing statistics about your network users and groups, permissions and files.
2.0.0 (October 10, 2015)
A complete renewal of version 1.x

Forgot password?

(*) Required fields

I agree with OptimaSales Terms & Privacy Policy