Today we're going to look at some of the Best NTFS Effective Permissions Software and tools to help you analyze, create reports and secure files, folders and active directory elements from abuse and mis-configuration!
Keeping track of your local NTFS Permissions is essential if you are looking to stay on top of all of the critical elements that are required of you as a system administrator.
There are many different metrics that you need to take into consideration across multiple domains, many of which require manual inspection and inconvenient tasks like trawling through log files and checking the Active Directory permission structures user by user.
Not only is it a waste of time that could have been far better spent with more productive tasks, but it is seriously not fun having to check each user and make note of their group and file permissions.
Luckily for us there are some really good applications that have been developed over the years which have made the need for manually trudging through long lists and log archives to try and find the information that you need.
Here's a look at some of the best tools for managing permissions in NTFS:
- SolarWinds Access Rights Manager – FREE TRIAL A full replacement for the native Active Directory management screens that provides automated analysis of the permissions structure for files and enables them to be shared and duplicated between domains. Runs on Windows Server. Access a 30-day free trial.
- Permissions Analyzer for Active Directory – FREE TOOL A free tool that quickly displays all of the file permissions on different AD-controlled systems for a specific group or account. Runs on Windows Server. Download 100% free tool.
- ManageEngine ADManager Plus – FREE TRIAL An interface for Active Directory that lets you sort out permissions, user accounts, and groups thanks to built-in permissions analysis. Available for Windows Server, AWS, and Azure. Start 30-day free trial.
- ManageEngine ADAudit Plus – FREE TRIAL A user activity tracking system that logs file access events and file changes. Available for Windows Server, AWS, and Azure. Start 30-day free trial.
- CJWDEV A suite of tools that includes an NTFS permissions analyzer and an Active Directory analyzer offered in free and paid versions. Runs on Windows and Windows Server.
- TreeSize from JAM Software A disk management utility that allocates space for specific types of files. Runs on Windows.
- AD FastReporter by AlbusBit An analyzer of access rights and resource permissions contained in Active Directory that is offered in free and paid versions. Runs on Windows.
- Vyapin NTFS Security Auditor Analysis for file and folder permissions as held in NTFS that also provides access logging. Runs on Windows.
- DSRAZOR for Windows Analyzes NTFS permissions in AD and enables better security for user accounts. Runs on Windows.
- NTFS Permissions Auditor by Albusbit With this tool you get quick analysis reports on NTFS permissions in AD and tools to implement security improvements. Available for Windows and Windows Server.
Instead, wizards and step by step report builders will guide you through the process, so you can get the information that you need in next to no time at all.
We will be looking at some of the better examples that are out there, as well as how they work and what separates each one from one another.
These should make your daily workload that much lighter, and more enjoyable.
Let’s take a look and see which of these applications have the right balance of usability and functionality, while meeting your budgetary and technical requirements.
The Best NTFS Permissions Reporting Software
SolarWinds Access Rights Manager is an application that has been designed to make the work of IT administrators much easier by analyzing user permissions and authorizations for Active Directory, Microsoft Exchange and file shares.
This helps to protect the overall security stance of the organization from common security threats such as viruses and hackers, while minimizing data loss and leakage.
Access Rights Manager allows admins to:
- Save Time by Automating User Access Management Tasks and Analysis, while Streamlining enforcement processes by identifying compromised and unsafe accounts and keeping comprehensive logs and audit trails.
- Be more productive by generating comprehensive user access reports, which allows your team to remain compliant with regulatory requirements.
- Simplify the user management process by providing user templates that let you quickly and easily provision and de-provision large numbers of people with a few mouse clicks.
- Permission management is offloaded onto users with a self-service portal that means that your team can get more work done without having to get involved with user shares and permissions.
The benefits of using Solarwinds Access Rights Manager are easy to see, as it allows admins to monitor Active Directory and Exchange, while auditing and file shares are all handled from a single application.
Even SharePoint is accessible to the application, giving your team valuable information about the current state of your intranet.
User management and provisioning makes it easier than ever to add and remove users.
- Provides a clear look into permission and file structures through automatic mapping and visualizations
- Preconfigured reports make it easy to demonstrate compliance
- Any compliance issues are outlined after the scan and paired with remediation actions
- Sysadmins can customize access rights and control in Windows and other applications
- SolarWinds Access Rights Manager is an in-depth platform designed for sysadmin which may take time to fully learn
If you want to take a look at this awesome application, download it from 100% Free for 30 Days!
Pricing: Download a 30-day free trial!
SolarWinds have yet another tool for analyzing and auditing users and network shares on your Active Directory, aptly named Permissions Analyzer for Active Directory.
It lets you sort through the sometimes never ending mess and chaos of a disorganized permission set for Active Directory users, network shares and shared folders.
It is also very useful for file and user permissions as well as group management.
- It lets you see how user permissions are inherited through the hierarchical structure
- You can browse through all of the permissions and order them by group or individual user
- Get a better idea of user permissions by viewing group memberships and permissions
It is really important to quickly check through the Active Directory setup of your environment as soon as possible, and what better way to accomplish this than with a free and easy-to-use tool like SolarWinds Permissions Analyzer for Active Directory?
- Provides a simple yet powerful way to gain insight into your access controls and account security
- Offers a great visual way to see inherited permissions and permission groups
- Supports continuous permission monitoring
- Great for audits, detecting inside threats, and ATO attack prevention
- Is completely free
- Ideal for larger more complex environments
It has all of the basic functionality that you could need.
It is limited in reporting and advanced features, but as a free and easy-to-use tool it is really valuable.
Pricing: 100% Free For Life
It allows users to generate reports and manage the Active Directory with an easy to navigate application that will give you and your team an amazing overview of what is going on within your Active Directory.
ADManager Plus is a web-based solution for all your Active Directory (AD), Exchange, Skype for Business, G Suite, and Office 365 management needs.
It simplifies several routine tasks such as provisioning users, cleaning up dormant accounts, managing NTFS and share permissions, backup and recovery of objects, and more.
ADManager Plus also offers more than 180 prepackaged reports, including reports on inactive or locked-out AD user accounts, Office 365 licenses, and users' last logon times. Perform management actions right from these reports.
Build a custom workflow structure that will assist you in ticketing and compliance, automate routine AD tasks such as user provisioning and de-provisioning, and more.
One of the best features that you and your team will find especially useful is the bulk management tools that let you quickly and easily manage the user accounts on your network.
It helps you to solve a few common issues such as:
- Repetitive and continual tasks such as user creation and removal, share creation and removal, and much more
- Automate management and reporting tasks
- Create, modify, manage and delete AD objects in large quantities
- Mobile app for managing the Active Directory from anywhere that has internet access
- Great for audits as it provides in-depth information about the current state of your environment
Benefits of ADManager Plus include:
- Simplify identity and access management across multiple platforms. Create and manage identities with all entitlements, set or modify group, NTFS, and share permissions granularly, and more, all from a single console.
- Library of more than 180 prepackaged reports on AD, Exchange, Office 365 and more, with built-in management actions. Manage and report on AD users, and more from mobile devices using native Android and iOS apps.
- Automate, monitor and streamline management and reporting operations, and prevent unauthorized changes with approval-based workflows.
- Take incremental backups of all AD objects, and perform attribute-level restoration of objects without restarting your DCs.
- Delegate management and reporting operations without modifying the AD permissions of any technician.
The combination of on premise Active Directory management combined with a mobile app makes this a great way for your team to stay on top of the daily tasks that you need to get the job done.
Compliance through audits and reports will give you the edge when you are dealing with audits and compliance reports.
- Detailed reporting, can generate compliance reports for all major standards (PCI, HIPAA, etc)
- Supports multiple domains
- Supports delegation for NOC or helpdesk teams
- Allows you to visually view share permissions and the details of security groups
- Has a steeper learning curve than similar tools
If this application is something that sounds like it could be useful on your network, then check out the link below to Request a download.
Pricing: You can get a 30-day free trial.
ManageEngine ADAudit Plus tracks activities on workstations and servers. It is able to log user actions on Windows Server and other Windows editions that use NTFS. The monitoring system also operates on AWS and Azure platforms that use NTFS.
The ADAudit Plus system doesn’t directly deal with permissions for file or directory access. That function is provided by Active Directory, so the processes of ADAudit Plus assume that the administrator has locked down file access correctly through AD.
The highest edition of ADAudit Plus monitors access activity in Active Directory and reports on any changes that are made to user accounts or object permissions.
The main function of ADAudit Plus logs user access to files and records any changes that were made to the contents of those files.
The ADAudit Plus logs are used for compliance reporting, which can be tailored to different data security standards, including SOX, HIPAA, PCI-DSS, FISMA, and GLBA.
Deployment options include installation on Windows Server or access to the service on AWS or Azure.
Other features of ManageEngine ADAudit Plus include:
- Employee productivity monitoring
- Windows Server auditing
- EMC file server auditing
- NetApp filer auditing
- User behavior analytics
The screens of the ADAudit Plus console include graphs and charts on user activity and file access events. These screens can be customized to show all of the information that is important to you in one view.
- Free tier to monitor 25 workstations
- Active Directory change protection
- Compliance auditing for SOX, HIPAA, PCI-DSS, FISMA, and GLBA
- Exportable reports in a range of formats
- Not a SaaS package
Pricing: You can start with a 30-day free trial.
- Free: $0
- Standard: From $595
- Professional: From $945
CJWDEV is a suite of tools that system admins have come to know and love over the years.
They offer many different useful Active Directory and NTFS Permission functions, which are all really useful.
NTFS Permissions Reporter is a tool that you can use for creating reports about permissions across many different domains and servers.
A single report detailing what permissions are active across your network will give you an excellent idea about what the current state of security is on all of your NTFS shares.
You can also drill down and create more specific reports to show permissions relating to specific users and group. AD Permissions Reporter is another excellent tool that you can use to quickly generate reports for the current security permissions across all of the OUs and other objects that are present on your Active Directory.
You can filter out specific results and generate reports that give you all of the knowledge that you need to make better decisions across your network.
Other tools that are available from CJWDEV are:
- AD Info:
With this tool you can quickly query your active directory and the rest of your domain, you can quickly generate a report that outlines all of the objects on the AD such as users, computers, groups and printers. The tool is easy to use and extremely powerful
- AD Tidy:
Just as you would expect, the AD Tidy tool lets you clean up the Active Directory by targeting inactive and dormant accounts. It gives you the options to remove the accounts from all groups, to delete the individual accounts, to move or disable them, or to export all of the details to a CSV file.
- Service Credential Manager:
This is a useful tool for finding and reporting on accounts that manage tasks such as scheduled operations and can update them to use new credentials if you have had to change the account names for scheduled tasks, or you have changed the password to the main account.
- AD Photo Edit:
This is a user-friendly application that lets you upload user photographs to the thumbnailPhoto attribute in Active Directory. This is much easier than manually uploading each picture for individual users.
There are many more applications that you can use in your environment besides the ones listed here, which can all be located here.
- Can quickly create reports on permissions and AD structure
- Identifies and cleans old AD objects
- Makes bulk changes to AD objects – such as renaming, and permissions updates
- Offers a variety of scheduling and automation functions
- Must contact sales for pricing
Being able to quickly and easily generate reports that detail the current state of your Active Directory is really important, so any one of these great apps could be of great use to you and your team.
Pricing: You can contact the sales team here for pricing
6. TreeSize from JAM Software
TreeSize is an application that lets you manage the space of your computers and servers while breaking down the space allocations of each file type.
It allows you to see the size of your folders as well as the sub folders, and gives you a breakdown of the contents of each folder with the file types contained within.
It gives you a visual view of what is happening with disk usage as a pie chart or a bar chart.
There are also tree maps that give you a proper idea of the hierarchies contained in the folder structures within the file system.
If you need to find out about the access logs for a specific system, then you can take a detailed look at the files and when they were last opened, and by whom.
Users can even open up a chart that gives statistical information about the files on your hard drive. It also features:
- An integrated search for easy file investigation
- Search for files with customizable queries
- Results can be archived, copied and moved
- You can scan from single machines to the entire network
If you need visualization tools for your files and hard drive usage, and need to view file access and sizes, then this is an excellent application for your digital tool kit.
- Simple yet powerful interface
- Can easily visualize disk usage and the context of your storage
- Quickly identify users who are storing too much
- Create detailed reports in just a few minutes
- Best suited for administrators looking to focus on storage management
You can create impressively complicated reports for compliance purposes, export data, create scheduled events such as scans, and also track the growth of your file storage across multiple devices.
Download: If you want to try out a trial version of this handy application then you can download it from here.
Pricing: Pricing starts at around $50 dollars for a single license, but a full price list can be found here.
7. AD FastReporter by AlbusBit
AD FastReporter is a tool that has been designed to make your workload much lighter, and has been designed to help create reports that give valuable information about your current Active Directory setup.
Using AlbusBit AD FastReporter is a much simpler solution to using LDAP commands or learning how to script.
All you need to do in order to create AD reports quickly is to select the required fields of your choice, such as users, computers, groups, exchange, contacts, printers, and more.
You can also isolate the GPO and OU details to see what is happening within your network. Other features include:
- Quick setup – getting started is quick and easy
- Simple GUI – Easy to use
- Fast Reporting – Get your information compiled into good looking reports in no time at all
All of your AD reporting requirements taken care of and easy to use, for user reports, you can get all of the information that you need such as: user status, recently modified users, bad password attempts, view users that need to change their passwords, see which users have a password never expires flag.
Computer reports are also easy to generate, allowing you and your team to see which resources have been modified, created, or even what version of Operating System they are running.
- Can quickly sort users by a variety of different factors
- Creates simple reports displaying access and permissions
- A great alternative to LDAP in many cases
- Can filter and sort OUs and GPOs while troubleshooting
- Better suited for larger AD environments
Download: You can find the download link on this page here.
Pricing: They offer a FREE Version and then Single licenses start at $99, with multiple site licenses costing up to $499. The pricing guide can be found here.
8. Vyapin NTFS Security Auditor
You can audit and create the reports for all of the auditing requirements that you may have, which makes this tool especially handy if you plan on using it for audit preparation.
You can easily look at what file share permissions are currently active, just as if you were using the Windows File Server audit, which means that you can easily track the permissions of users and groups pertaining to objects such as folders and files. Other features that are included in this application are:
- Security Viewer:
Easily view and assess the whole file system and permissions of servers from within a single viewing point. You can view the basic or advanced settings of each machine, depending on what is required.
- Configuration Settings:
From here you can quickly setup your SQL connections and SQL server settings. From here you can also configure your data collection and email settings as well for convenient notifications.
The list of reports is quite extensive, so you can find the right report for your specific requirements
- Scan Profiles:
You are able to use this feature to quickly scan your environment using predefined templates. This is useful if you need information quickly and don’t have time to configure reports from scratch.
- Power Search:
From here you can setup your own search queries, giving you far more flexibility and customization options when compared to the preexisting reports that come standard with the application.
If you need a straight forward auditing and reporting tool for your NTFS shares, then you can’t go wrong with VYAPIN NTFS Security Auditor.
It features all of the basic and advanced features that you would need to report on the current state of NTFS shares, as well as authorized users from a single application.
This makes the task of creating comprehensive reports much easier, giving you the freedom to complete other work while still meeting the information requirements of an audit.
- Simple and lightweight tool
- Can manage SQL server permissions as well as AD
- Features various templates for scanning and filtering user profiles
- Uses a powerful query language to improve search across AD
- The interface could use improvement
Download: Download from here.
Pricing: Request a quotation from here.
9. DSRAZOR for Windows
DSRAZOR for Windows is a user friendly application that sees itself as a point and click style program for reporting, management and delegation.
It allows you to report on the Active Directory settings within your network, as well as the Windows File Sharing settings that are currently being used across your network shares.
The Active Directory segment reports on users, groups, computer, and other information that you would need for your reporting requirements. You can also manage and delegate standard active directory functions such as create, modify, and deleting users, as well as moving them.
Other Features of this Software package include:
- File Permission Reporting
- Active Directory Reporting
- Active Directory Mangement
- Exchange Management
- Office 365 Management
- Task Delegation
This application offers detailed information about the current state of affairs on your network, and is sure to be of great utility to anyone that needs to manage the tasks of their Active Directory on a day-to-day basis.
There is a good mixture of features that make this a worthy choice if you find yourself getting stuck performing the same tasks every day, which is sure to save you some time.
- Extremely easy to use – great for junior sysadmin
- Can manage 365 environments alongside local AD servers
- Includes task delegation for helpdesk teams
- Designed to streamline your typical day-to-day
- Would like to see more visual reporting
- Pricing is a bit higher than competing tools
If you want to take a look at this application and get it installed, you can find a download link below!
Pricing: Pricing starts at $500 per year for 200 enables user objects. Full pricing can be found here by requesting a quotation.
10. NTFS Permissions Auditor by Albusbit
Albusbit was also mentioned above for their AD reporting Features, but they've also contacted us to add their NTFS Permissions Auditor tool as well.
This tool helps you quickly Manage Access to Folders & Files within your NTFS systems as well as Analyze, Verify and Review any NTFS permissions on files/folders within the program itself.
Some Features and capabilities include:
- Audit and Export Reports to XLSX, CSV, XML, HTML or PDF file formats
- Display critical Acct Information (including SID, Description, Department, etc)
- View and Analyze File and Directory Permissions for Users, Groups and Computers
- Directory/Folder and User Exclusions from Reports to Limit your Audit Depths and analysis
- Compare NTFS Audit Reports to see changes in Permissions, Groups and Modification Dates
- Auto-discovery of Windows Shares & Admin Shares
This tool has many great features and capabilities that offer an in-depth look into your NTFS File and Folder permissions that many other software solutions simply do not have.
They even Offer a Free Version of the program which offers in-depth Audits and a Paid version for $199 that has advanced Features, Filtering and Reports.
- Easily sort through different AD objects based on various conditions and metrics
- Includes in-depth reporting
- Includes autodiscovery of new objects
- Includes a free version
- Would like to see more visual reporting
- Pricing is a bit higher than competing tools
Pricing: They offer a 100% FREE Version that lets you run Audits and a Paid Version for advanced Filtering and Reports for $199
There are many different applications out there for you to choose from if you are looking to ease your administrative burden while working with Active Directory and NTFS shares on a daily basis.
There are plenty of things that you need to be aware of and keep on top of, such as user accounts, devices and active file shares.
If you are not fully aware of unsafe file shares on your network, then you are probably at risk from unauthorized user access, or malicious software such as ransomware and other crypto-based threats.
Be sure to check out each of the products that we have reviewed above, and find your favorite. Try downloading a few, and see which one suits your needs the best.
There are so many useful features that could be very hand for the average system administrator, so be sure to consider each one on its own merits, and how each might be used within your own Active Directory setup.