Top 5 Free Tools for NTFS Permissions Reporting

Managers and compliance auditors often ask IT admins to present a report listing file share permissions granted to a group or a particular user. Here are a few free tools that will help you save time on this report generation and export all permissions granted to a user account on a file share and list of NTFS permissions for particular folder and file.

Tool #1. NTFS Permissions Reporter Free Edition

Cjwdev delivers a good tool that helps you export file and folder permissions. It displays group members (direct and nested) right in the report; plus, you can pick the report format (a tree or table) as well as highlight different permissions in different colors. Highly customizable, isn’t it? It is rather easy to use, but at first, the interface may look a little overloaded, and permission scanning may take additional time. The tool provides you with an option to easily export report results to an HTML file. However, it exports only the report on NTFS permissions to only a folder and cannot export or show permissions of a user.

Report Example

 

Tool #2. Access Enum

There’s no built-in way to quickly view user accesses to a tree of directories or keys. AccessEnum from sysinternals suite gives you a full view of your file system and Registry security settings in seconds, very simple to use, gives you table view of all permissions on your file share or registry, can export only to “.txt” format, which is rather complicate to read, you can copy information from “.txt” file to “.xls” manually and edit it but it will take you some time.

Report Example


Tool #3. Netwrix Effective Permissions Reporting Tool

This tool helps you make sure that employees’ permissions align with their roles in the organization. The freeware tool delivers a file share and Active Directory permissions report that details who has access to what and how that access was gained. Very simple and easy to use tool, you just need to enter the name of a user or group to check its permissions, very fast scan and easy HTML export functionality. It doesn’t show folder permissions, such report is available in Netwrix Auditor for File Servers (20 days free trial).

Report Example

 

Tool #4. Permissions Reporter

This is a very good Windows NTFS permissions reporting tool. It resembles Cjwdev’s NTFS Permissions Reporter tool a little, as it has the same functionality but a prettier interface. It’s easy to use. However, permission scanning takes some time, and you can export only the report on NTFS permissions to a folder or HTML file; a report on the permissions of a user is not shown and can’t be exported.

Report Example

 

Tool #5. SolarWinds Permissions Analyzer

This is the last tool in our list and the worst one, in my opinion. The main reason why I’m not fond of this tool is because you cannot export information from it, but for those who just need detailed information about user permissions, it can be rather handy. It quickly identifies how users’ permissions were inherited, browses permissions by group or by individual user and analyzes them based on group membership and permissions.

 

(BONUS) PowerShell

Despite all the tools on the market, you know that you can always rely on an old friend, PowerShell. Here’s a ready-to-use script for you in case you need to export folder permissions and user permissions into “.csv” file format:

$OutFile = "C:\Temp\permissions.csv"
$Header = "Folder Path,IdentityReference,AccessControlType,IsInherited,InheritanceFlags,PropagationFlags"
Del $OutFile
Add-Content -Value $Header -Path $OutFile

$RootPath = "\\fs1\shared"

$Folders = dir $RootPath -recurse | where {$_.psiscontainer -eq $true}

foreach ($Folder in $Folders){
       $ACLs = get-acl $Folder.fullname | ForEach-Object { $_.Access  }
       Foreach ($ACL in $ACLs){
       $OutInfo = $Folder.Fullname + "," + $ACL.IdentityReference  + "," + $ACL.AccessControlType + "," + $ACL.IsInherited + "," + $ACL.InheritanceFlags + "," + $ACL.PropagationFlags
       Add-Content -Value $OutInfo -Path $OutFile
       }}

 

Report Example

dir -Recurse | where { $_.PsIsContainer } | % { $path1 = $_.fullname; Get-Acl $_.Fullname | % { $_.access | where { $_.IdentityReference -like "ENTERPRISE\J.Carter" } | Add-Member -MemberType NoteProperty -name "\\fs1\shared\" -Value $path1 -passthru }} | export-csv "C:\temp\permissions.csv"

 

Report Example

Like to get free stuff? Check this out : Top 5 Free Tools for Account Lockout Troubleshooting >>

Vote for you favorite NTFS Permissions Reporting tool!

Loading ... Loading ...