Top 11 NTFS Permissions Tools for Smarter Administration

Managers and compliance auditors often ask IT admins to present a report listing file share permissions granted to a group or a particular user. Here are a few paid and free tools that will help you save time on generating these reports.

Free Tools for NTFS Reporting and Management

1. NTFS Permissions Reporter Free Edition from Cjwdev

Cjwdev’s NTFS Permissions Reporter is a good tool that helps you export file and folder permissions. It displays group members (direct and nested) right in the report; plus, you can pick the report format (a tree or table) as well as highlight different permissions in different colors. The tool is highly customizable and is rather easy to use, but at first, the interface may look a little overloaded, and permission scanning may take additional time. The tool enables you to easily export report results to an HTML file. However, it creates reports on NTFS permissions only for a folder; it cannot show the permissions of a user.

NTFS Permissions Tools Reporter1

NTFS Permissions Tools Reporter2

2. Netwrix Effective Permissions Reporting Tool

Netwrix Effective Permissions Reporting Tool helps you make sure that employees’ permissions align with their roles in the organization. IT delivers a file share and Active Directory permissions report that details who has access to what and how that access was gained. This freeware tool is very simple and easy to use: You just need to enter the name of a user or group to check its permissions. The scan is very fast and the HTML export functionality is straightforward. It doesn’t show folder permissions, however; such a report is available in Netwrix Auditor for File Servers (20-day free trial).

NTFS Permissions Tools NERP1

NTFS Permissions Tools NERP2.

3. Microsoft’s Access Enum

As there’s no built-in way to quickly view user accesses to a tree of directories or keys, Microsoft Windows SysInternals tools may come handy. AccessEnum is one of SysInternals tools which gives you a full view of your file system and Registry security settings in seconds, and provides a table view of all permissions on your file share or registry. However, you can export only to .txt format, which is rather complicated to read. If you want the information in .xls format, you’ll need to copy it from the .txt file manually.

NTFS Permissions Tools Enum1

NTFS Permissions Tools Enum2

4. Permissions Reporter from Key Metric Software

Permissions Reporter is a very good Windows NTFS permissions reporting tool. It has the same functionality as Cjwdev’s NTFS Permissions Reporter tool, but has a prettier interface. It’s also easy to create and download repots. However, permission scanning takes some time, and you can report on only NTFS permissions to a folder or a HTML file, not the permissions of a user.

NTFS Permissions Tools Key Metric1

NTFS Permissions Tools Key Metric2.

5. Permissions Analyzer from SolarWinds

Some users might not be fond of Permissions Analyzer because you cannot export information from it, but for those who just need detailed information about user permissions, it can be rather handy. It quickly identifies how users’ permissions were inherited, browses permissions by group or by individual user, and analyzes them based on group membership and permissions.

NTFS Permissions Tools SolarWinds1

6. NTFS Permissions Tools from MajorGeeks.com

NTFS Permissions Tools offers file permissions management for NTFS file systems. This handy tool was made for admins who need a lightweight access rights manager — it enables you to make a lot of permissions and security changes at once. Its main advantage over Window’s built-in permission and security tool is that it takes less time to change permissions and security settings.

NTFS Permissions Tools MajorGeeks1

BONUS Free Tool: Microsoft PowerShell

If you prefer, you can always rely on your old friend PowerShell. Here are ready-to-use scripts for exporting folder permissions and user permissions into .csv format.

PowerShell code for exporting folder permissions

$OutFile = "C:\Temp\permissions.csv"
$Header = "Folder Path,IdentityReference,AccessControlType,IsInherited,InheritanceFlags,PropagationFlags"
Del $OutFile
Add-Content -Value $Header -Path $OutFile

$RootPath = "\\fs1\shared"

$Folders = dir $RootPath -recurse | where {$_.psiscontainer -eq $true}

foreach ($Folder in $Folders){
$ACLs = get-acl $Folder.fullname | ForEach-Object { $_.Access }
Foreach ($ACL in $ACLs){
$OutInfo = $Folder.Fullname + "," + $ACL.IdentityReference + "," + $ACL.AccessControlType + "," + $ACL.IsInherited + "," + $ACL.InheritanceFlags + "," + $ACL.PropagationFlags
Add-Content -Value $OutInfo -Path $OutFile

Sample report:

NTFS Permissions Tools Reporter1

PowerShell code for exporting user permissions

"ENTERPRISE\J.Carter" } | Add-Member -MemberType NoteProperty -name "\\fs1\shared\" -Value $path1 -passthru }} | export-csv "C:\temp\permissions.csv"

Sample report:

NTFS Permissions Tools PowerShell2

1. Jam Software’s TreeSize

Jam Software’s TreeSize is focused on storage analysis. There is a limited freemium licensing option and a 30-day free trial of the full version.

The free edition is highly praised by IT admins for its high scan speeds, ability to process and analyze storage (including network drives and locally synchronized cloud drives), and option to break down scan results according to owner, file type, size, etc., throughout the entire file system. For instance, this tool can help admins find largest files, the oldest files and the files with long paths.

The paid version also analyses file owners and permissions, NTFS compression rate, and much more. It can also process NTFS Alternate Data Streams and NTFS Hardlinks, will export scan results to various file formats, and provides command-line automation options.

Paid NTFS Permissions Tools_TreeSize

2. Netwrix Auditor for File Servers

Netwrix Auditor for Windows File Servers delivers deep visibility into your Windows file servers, including permissions. Its various state-in-time reports provide a complete picture of effective permissions, duplicate files and stale data across your Windows file servers. It delivers visibility into all changes and all access events (both successful and failed) across your file storages, so you can compare your settings against your privacy policy and detect privilege escalation before any damage is done. Its ready-to-use reports streamline NTFS permissions audits and compliance reporting for requirements such as PCI DSS, SOX and HIPAA.

In conjunction with file analysis technology, it also helps you to stay aware of all changes to Windows Server file permissions; determine effective permissions by user and by object across multiple file servers and shares; and understand whether those file permissions were assigned directly or via group membership.

There is a 20-day free trial.

Paid NTFS Permissions Tools_Netwrix

Paid NTFS Permissions Tools_Netwrix2

3. AlbusBit’s NTFS Permissions Auditor

NTFS Permissions Auditor allows you to review and analyze any NTFS folder permissions. While the free version provides you with audit data, such as full path, owner, last modified, inherited flag and a full list of permissions in hierarchical folder view or account view, the pro version offers additional features such as report filtering by fields such as account name, SID or department; permission change analysis; export to various formats; report customization; automation; and more.

Paid NTFS Permissions Tools_AlbusFit

4. Vyapin’s NTFS Security Management Suite

NTFS Security Management Suite is more like a full-fledged NTFS management system than single-task NTFS permission tool. It consists of three modules:

  • NTFS Security Auditor enables you to scan shares, folders and files in your network, perform an automated inventory of permissions at regular intervals, and compare ACLs. There are a variety of built-in reports for system administrators and compliance
  • NTFS Change Auditor collects and analyses permission changes on specified locations.
  • NTFS Security Manager is designed to simplify native permission management.

Vyapin provides a 15-day evaluation copy of NTFS Security Management Suite.

Paid NTFS Permissions Tools_Vyapin

5. DSRAZOR from Visual Click Software

DSRAZOR is a versatile and customizable reporting tool for administrators and compliance auditors. You can analyze permissions for a particular file or folder. Reports are customizable and can include specific Active Directory attributes for each trustee, so auditors can tailor reports to their particular needs. There are comprehensive reports on past due, blocked or deactivated Active Directory accounts, and you can find out which accounts are not in use during a particular period, where the last login failed, and much more. However, while DSRASOR praised by many for its versatility, there is a fairly steep learning curve — the report design tool is rather clunky, and overall setup process is not super user-friendly.

Paid NTFS Permissions Tools_DSRAZOR

Paid NTFS Permissions Tools_DSRAZOR2

Jeff is a Director of Global Solutions Engineering at Netwrix. He is a long-time Netwrix blogger, speaker, and presenter. In the Netwrix blog, Jeff shares lifehacks, tips and tricks that can dramatically improve your system administration experience.
Download a free trial classification software that empowers you to identify and secure sensitive content