Many times, managers and compliance auditors ask IT administrators to give a report listing file share permissions granted to different individuals and groups.
Though this may sound overarching, in reality, it is necessary to protect the critical resources of an organization.
When any individual or group is given excess rights and permissions to access all files and folders, it can lead to unwarranted changes to files or inappropriate access. Such actions could end up being perilous to organizations.
Here is our list of the top NTFS auditing and reporting tools:
- SolarWinds Access Rights Manager – FREE TRIAL A comprehensive Active Directory management tool that offers a way to manage user groups and device and file permissions that can be applied to many AD instances. Runs on Windows Server. Start a 30-day free trial.
- ManageEngine ADManager Plus – FREE TRIAL An easy-to-use service that provides a better management interface for Active Directory than the native GUI for the system. Available for Windows Server. Access the 30-day free trial.
- SolarWinds Permissions Analyzer for AD – FREE TOOL This free tool from SolarWinds gives a basic interface to AD implementations and includes file permission management. Runs on Windows and Windows Server. Download 100% free tool.
- ManageEngine ADAudit Plus – FREE TRIAL A package that records user access to files and records changes to file permissions registered in AD. Available for Windows Server, AWS, and Azure. Start a 30-day free trial.
- CJWDEV Available in free and paid versions, this tool focuses on NTFS permissions for files and folders. Runs on Windows.
- TreeSize A great reporting tool for NTFS directory and file permissions that can export reports in a range of formats. Runs on Windows Server.
- AlbusBit A permissions auditor for NTFS that produces reports in a range of formats and is available in free and paid versions. Runs on Windows.
- Vyapin NTFS Security Auditor An analyzer for file and directory permissions that allows assessments to be enhanced by the user through SQL statements. Runs on Windows and Windows Server.
- DSRAZOR for Windows Audits NTFS file permissions and enables duplicate files to be identified. Runs on Windows.
This is why it is important to audit NTFS permissions and IT administrators should send compliance reports on access and permissions given to different users to access files and folders.
From an IT administrator’s point of view, this constant reporting and monitoring is a tedious and time-consuming job, and this is why it helps to have Windows NTFS permission reporting tools.
Methodology for selecting the Best NTFS auditing and reporting tools
- Check if it provides comprehensive control over all access rights via a single interface
- Can it automatically check replication problems with all native access rights managers?
- Does it allow running scans or analysis of user and group permissions?
Here are the Top Windows NTFS Permission Auditing & Reporting Tools:
Here is a look at some of the best Windows NTFS permission reporting tools that you can use to provide the necessary compliance and reporting.
1. SolarWinds Access Rights Manager
SolarWinds Access Rights Manager is a simple and useful tool to manage and audit user access throughout your IT infrastructure.
The salient features of SolarWinds Access Rights Manager are:
- Monitors, analyzes and audits Active Directory and Group Policy, so IT administrators can stay on top of who has accessed what resources, and the date and time of this access.
- Presents a visual picture of permissions on file servers. This way, it is easy to prevent data leaks and unauthorized access or changes to sensitive data.
- Tracks changes to mailboxes, folders, calendars and public folders.
- Makes it easy to detect changes in Exchange server and to improve the compliance associated with it.
- You can set up and manage new user accounts within just a few minutes, using standard role specific templates.
- Helps to analyze user access to services and file servers to mitigate internal security threats.
- Creates and generates reports needed for compliance.
- At any time, you can see log activities in Active Directory and file servers.
- A web-based self-permissions portal makes it easy for owners to decide who should access their files and folders. This way, owners can delegate permissions and help reduce IT workload.
- Automatically identifies accounts that are insecure
- Simple to use and is ideal for organizations of all sizes.
- Offers access to AD directories
- Watches over the events affecting the domain controllers on your network
- Alerts on noticing changes in the AD database records
- Access to change the permissions in AD records
- Users can easily create or alter their own accounts
- Designed specifically for sysadmins, but may take time to learn and implement as it is an in-depth platform
Pricing: Free 30-day fully functional trial.
2. ManageEngine ADManager Plus
ADManager Plus is a tool that generates reports and exports them in an easily understandable format. It gives IT administrators greater control over permissions and file access.
The features of ManageEngine ADManager Plus are:
- Displays all the shares available in specified servers, along with important details such as locations, scope, list of accounts and more.
- Lists the folders and files over which a specific user or group has permissions to access.
- Gives a list of folders and files protected from inheritable permissions.
- Comes with more than 150 pre-defined reports on Active Directory, Exchange, Office 365 and G Suite.
- Generates reports that make it easy to meet different compliance and audit requirements.
- Cleans up unwanted, inactive and obsolete objects in Active Directory.
- Automates many critical tasks of AD such as user provisioning.
- Helps IT administrators to stay on top of file-level security settings in their environment.
- Exports reports in a comprehensible format
- Offers better control over file access and permissions
- Provides 150+ pre-built reports for Active Directory, G Suite, Exchange, and Office 365
- Automates several AD functions
- You can create a list of directories and files that a particular user or group has access to.
- Updating frequently can result in problems and break features
Pricing: There are three editions, namely, Free, Standard and Professional. The pricing depends on the edition you choose and the number of technicians you would like to have for each license. The free edition is 100% free and gives you a good feel of what to expect from the Standard and Professional versions. You can download a 30-day free trial.
Download: You can download the free version from https://www.manageengine.com/products/ad-manager/download.html?btmMenu
3. SolarWinds Permissions Analyzer for Active Directory
Permissions Analyzer for Active Directory is a free tool from SolarWinds that provides instant visibility into user and group permissions.
The salient features of this tool are:
- Provides real-time visibility into user and group permissions.
- Works well on Active Directory, network shares, folders and files.
- Quickly identifies how user permissions are inherited
- You can browse through permissions by group or individual user.
- Analyzes user permissions based on group membership and permissions.
- Offers quick visibility into user as well as group permissions
- Permissions can be viewed by either a group or a specific user
- Examines user rights based on group membership and rights
- Quickly determines how user permissions are passed down
- Performs great with Active Directory, network shares, directories, and files
- Limited free version with basic features
Pricing: 100% Free Forever!
4. ManageEngine ADAudit Plus
ManageEngine ADAudit Plus provides logging for user activity and records changes to file permissions in Active Directory.
The important features of ManageEngine ADAudit Plus include:
- Watches over NTFS on Windows Server and also AWS and Azure systems
- Tracks changes to objects, attributes, and group policy
- The permissions change tracking records before and after values
- Records which user account was used to make permissions changes
- Stores log records on each change implemented in Active Directory
- Tracks user activity
- Records user access to files
- Identifies changes in files and attributes them to the user account involved
- Generates compliance reports for SOX, HIPAA, PCI-DSS, FISMA, and GLBA
There are three editions of ManageEngine ADAudit Plus: Free, Standard, and Professional. The Free edition is not the 30-day free trial of the paid versions, but a free-forever edition. However, its functionality is limited and it is more of a log server than an actual auditing tool. If you get the free trial and then decide not to buy, your software bundle will switch over to this edition.
The standard package generates alerts and creates reports by scanning Event Logs created by:
- Azure AD Tenants
- Windows servers
- Windows file servers
- NAS devices
This standard edition doesn’t include NTFS permission change logging. You need the Professional edition to get NTFS permissions auditing. As well as the log analysis functions that are provided by the Standard edition, this plan offers:
- Account lockout analysis
- AD permissions change auditing
- GPO settings change tracking
- DNS and AD schema change auditing
- Old and new values of AD object attribute changes
- Support for MS SQL database
- Watches over user activities and failed login attempts
- Tracks changes on the domain controllers and user permissions of the AD database
- Displays alerts on the dashboard and sends them to the sysadmin via email
- Generates compliance reports
- Examines AD and strengthens security measures
- Users may initially find custom reporting difficult to learn
- Free: $0
- Standard: From $595
- Professional: From $945
Download: To get a 30-day free trial of ManageEngine ADAudit Plus, go to the download page: https://www.manageengine.com/products/active-directory-audit/download.html
5. CJWDEV
CJWDEV is a powerful tool to view NTFS permissions all the way through your entire directory tree.
The important features of CJWDEV are:
- Ideal for reporting directory permissions on Windows file servers.
- Provides visibility into which groups and users have access to which files and directories.
- Its highly customizable filtering system makes it easy to search for the user or group you want. You can filter the results based on a host of attributes such as account name, account type, domain, nature of permission, inherited permissions, account status and so much more.
- Displays results in a tree or table based format.
- Highlights different permissions in different colors to easily identify the information you want.
- Makes it easy to identify rogue permissions that are not in accordance with the established standards and policies of the organization. In turn, this feature makes it easy to identify insider attacks.
There are two editions: free and standard.
The free edition is meant to act as a trial of the standard edition, and hence its features are a subset of what is found in the standard edition. The features in the free edition include:
- Intelligent caching makes this tool one of the fastest in the industry today.
- Provides options to view group members directly in the report itself.
- You can right-click on any directory in Windows and choose “Report Permissions” to see all the available permissions for that directory.
- Information provided is accurate and reliable.
- You can easily export the results to HTML format.
- Displays names and other account details for accounts in external trusted domains.
The standard edition contains all the features of the free edition plus the following:
- Allows you to export results to many file formats such as CSV, HTML, NTPR and XLSX.
- Gives you the flexibility to compare two reports to know the differences in permission levels
- Emails reports automatically to the set email IDs
- Create filters to help you find what you want. You even have the option to exclude certain permissions.
- Full command line support makes it easy to schedule reports for your convenience.
- You can load your favorite settings every time you launch the application
- Free upgrades to new versions through the entire lifetime of the product.
- Easy to review configuration settings of AD objects
- Gain insights and generate reports in HTML, CSV, and TXT format
- Quick to view NTFS permissions using the tool
- Offers highly customizable filtering system
- Highlights different permissions in color-coded format for better identification and understanding
- Limited product range
- CJWDEV is relatively expensive compared to other tools
Pricing: The free edition is 100% free with no hidden costs whatsoever whereas the standard edition costs $149 for a single user license, $359 for a site license, $579 for an enterprise license, $199 for a consultant license and $620 for an unlimited consultant license.
Download: You can download the free edition from http://www.cjwdev.com/Software/NtfsReports/Download.html and the standard edition from http://www.cjwdev.com/Software/NtfsReports/Purchase.html
6. TreeSize
TreeSize from Jam Software is a reporting tool that helps you to create fast, clear and compact reports about access permissions on all files and folders of a scanned directory.
The features of TreeSize are:
- Displays all inherited permissions on folders
- Shows the folder access permissions for different users and groups.
- Provides a clear and compact overview.
- Indicates explicitly the type of rights (read, write or delete) that each user has for each directory, folder or file.
- Exports all data to Excel, HTML, XML or text file.
- Allows you to create special reports that will be used in security audits.
- Comes with an integrated file search
- Includes or excludes certain files and folders in your scan, based on your preferences.
- Offers scheduled scans of your hard disk and the generation of reports overnight.
- Provides full NTFS support such as file-based NTFS compression.
- Tracks growth of files and folders.
- Efficiently manages existing disk space.
- Compatible with Windows Server 2016, Windows Server 2012 and Windows Server 2008 R2.
- Creates compact reports highlighting all file permissions
- Displays different types of user rights for each file and folder
- You can export data in XML, HTML, and TXT format
- Offers a built-in file search feature
- Users can easily monitor the growth of each file and folder
- No real-time monitoring of disk space usage
- Restricted remote access
Pricing: Pricing depends on license.
- Single license – 46,95 €
- 5 license pack – 159,95 €
- 10 license pack – 279,95 €
- 25 license pack – 519,00 €
- Site license – 1599,00 €
Download: You can download a trial version from https://www.jam-software.de/customers/downloadTrial.php
7. AlbusBit
AlbusBit is an NTFS Permissions Auditor that allows you to verify, analyze and review NTFS permissions.
AlbusBit comes with the following features.
- Easy to set up and get started.
- Advanced filters that even come with ‘And’ / ‘Or’ usage.
- You can search by department, position, manager, username, permission access type, domain name, domain SID, account name, account SID, inherited permissions and so much more.
- Makes it easy to see users, groups and the rights and directories for each user.
- Its optimized caching mechanism gives you fast and efficient results.
- You can export to many file formats such as CSV, HTML, XML and PDF.
- Gives a hierarchical folder view for an easy viewing experience.
- Allows you to exclude certain directories and users.
- All data is stored in the local database, so no additional setup is necessary.
- Uses RAM and CPU efficiently to prevent overloading of resources.
- Change reports make it easy to see what has changed between two reports.
- Helps review NTFS permissions
- Classify and search based on username, domain name, or department
- Caching mechanism generates quick and efficient results
- Allows exporting data in different file formats like PDF, HTML, etc.
- Creates a hierarchical folder view to make viewing easier
- The UI is a bit cluttered
- The more powerful features are behind a paywall
Pricing: There are two editions – free and Pro. The Free version costs nothing whereas the Pro version starts at $149.
| Feature | Free version | Pro version |
|---|---|---|
| Audit an unlimited number of directories | Yes | Yes |
| Folder tree view | Yes | Yes |
| Export reports to CSV, Excel (XLSX), HTML, XML and PDF files | Yes (Max 500 rows) | |
| Customize export fields | No | Yes |
| Advanced filtering during audit | No | Yes |
| Advanced filtering after audit | No | Yes |
| Automatic audit result storage | No | Yes |
| Change reports – compare two audit results and see what has changed | No | Yes |
| Guaranteed updates and bug fixes | No | Yes |
| Priority customer support | No | Yes |
Download: You can download the free version from https://albusbit.com/NTFSPermissionsAuditor.php
8. Vyapin NTFS Security Auditor
Vyapin NTFS Security Auditor is a tool to audit, control, analyze and manage your file security. It is one of the most efficient tools for collecting information on file access and permissions because it uses native Windows API calls whenever appropriate.
Overall, it is a powerful tool that gives you complete control and flexibility to audit NTFS permissions and report on them for compliance and security.
The features of Vyapin NTFS Security Auditor are as follows.
- Helps you stay on top of who has access to what in your NTFS file system.
- Reports NTFS permissions on different files, folders and shares.
- Performs a complete security scan of your files, folders and shares.
- Comes with many reporting templates that are simple, comprehensive and completely customizable.
- Has many ready-to-use reports that help with both management and compliance reporting requirements.
- Uses powerful scan options to meaningfully segment your network for reporting and data collection.
- Makes it easy to report NTFS permissions in multiple domains.
- Analyzes inadvertent user access possibilities.
- Performs a granular search of various types of permissions and their exceptions.
- Does not require any agent installation as the necessary information is collected and displayed on the same machine where the tool is installed.
- Supports MS-Access and SQL Server
- Performs powerful and conditional search queries on permissions.
- Enumerates computers using Active Directory or Windows Browser Service.
- Reports vulnerabilities as they occur in access rights and permissions.
- Offers full control to audit NTFS permissions
- Offers compliance reporting
- Examines potential unintended user access
- Offers MS-Access and SQL Server support
- Alerts about access rights and permissions problems instantly
- The tool does not work well with operating systems other than Windows
- Users need to purchase a license to access all features
Pricing: The cost of Vyapin NTFS Permissions Reporting tool is $399 for one server for a period of three months. For this same period, the cost is $599 for three servers, $899 for five servers and $1,199 for 10 servers. If you want a subscription for more than 10 servers, contact the sales team for a custom quote.
To get a perpetual license, the cost is $499 for one server, $749 for three servers, $949 for five servers and $1,599 for ten servers respectively.
If you want to buy the license for just one year, the cost is $598 for one server, $1,498 for three servers, $1,898 for five servers and $3,198 for ten servers respectively.
Download: You can download a trial version from https://www.vyapin.com/download/ntfssms
9. DSRAZOR for Windows
DSRAZOR for Windows is an NTFS reporting and management tool from a company called Visual Click Software. This tool audits file permissions and generates reports that are easy to read and understand.
The features of DSRAZOR for Windows are:
- Runs detailed reports for ACL documentation, blocked inheritance, orphaned SID trustees and more.
- Gives you the choice to customize file permission reports.
- Finds and removes unwanted NTFS file security permissions.
- Provides ownership details of any file or folder.
- Allows you to search based on a wide range of specific parameters.
- Reports disk space usage for servers and workstations
- Lists files that are unused for a specific period of time.
- Finds duplicate files.
- Adds, removes and modifies explicit trustee permissions.
- Removes file system access control entry (ACE) from ACL
- Discovers how file permissions were obtained.
- Lists files with orphaned SID (no owner is defined).
- Easy to audit file permissions
- Generates easy-to-understand detailed reports
- Search and remove unnecessary NTFS file security permissions
- Users can customize file permission reports
- Detect duplicate files
- Complex user interface
- Limited support options are available
Pricing: This comprehensive NTFS reporting tool is priced at $500 per year.
Download: You can download a free trial from https://www.visualclick.com/content/freetrial_request.htm
To conclude, reporting on NTFS permissions and access is essential for internal security, as it can go a long way in preventing insider attacks and thefts. But it can be a nightmare for IT administrators, because staying on top of permissions for each and every file is an almost impossible task. To help IT administrators have complete control over the NTFS file system, there are many reporting tools that analyze permissions and generate easy-to-read reports that are also compliance friendly. The above list includes some of the best NTFS permission reporting tools that can make life easy for IT administrators without ever compromising on security.