For most IT teams, selecting the right permissions reporting tools is a high priority. Understanding access rights across an organization’s network is crucial when striving to protect sensitive or confidential information, and having proof of permissions management is a fundamental tenet of compliance with internal controls regulations.
Because of New Technology File System (NTFS) permissions inheritance, even system administrators might not always have a full picture of access rights throughout their file directory without constantly performing time-intensive, meticulous audits. For this reason, a free NTFS permissions reporter goes a long way in helping system administrators and IT personnel gain visibility into access rights across their network, manage permissions, and prepare compliance reports.
Depending on the size of your network and the budget you have for an NTFS permissions management tool, free options can be a great route for your team. However, you should also consider starting with free trials of some premium tools, as these tend to have more functionality and better UI. For enterprise-level capabilities, the cost is probably worth it. With that in mind, I’d recommend trying out SolarWinds® Access Rights Manager for its user-oriented dashboard, role-based access rights configuration, and built-in reporting capabilities.
Best Free NTFS Permissions Management Tools
The NTFS Permissions Reporter by CJWDEV is an extremely adept tool for tracking access permissions. It displays group users with either direct or nested access for an entire file directory. The report can be generated in either a tree or table format with color-coded access levels.
However, while extremely useful, I found that the interface was fairly loaded and reporting capabilities are limited compared to other software. Some users have commented that permission scanning can take longer than necessary with its busy format. Lastly, reports only represent the permission of a folder and can’t be filtered or exported on a user-by-user basis.
Netwrix Effective Permissions Reporting Tool is excellent freeware for basic needs. While it misses out on many of the more comprehensive functions included in similar software, it does help admins ensure compliance on a user-by-user basis.
With Netwrix Effective Permissions Reporting Tool, admins can search a user or group throughout their entire IT infrastructure. The tool then generates a permissions report for an Active Directory or file share, including how users gained access, that can be exported as an HTML file. This information, though much more limited than reports generated by other tools, allows admins to guard against excessive permissions by making sure users only have the appropriate permissions for their roles at the company.
The ManageEngine ADManager Plus tool is another great Active Directory® monitoring and reporting tool. It provides visibility into the shares in specified servers, including information on locations and accounts, and shows objects guarded against inheritable permissions. It aids admins with their AD control tasks and has over 150 preformatted reports for file-auditing purposes.
However, while the ADManager Plus automates certain to-dos like provisioning and AD clean-up, I found that its UI could use a little refresher, particularly on the mobile version. ADManager Plus is entirely free for a single domain with 100 objects or fewer, but adding help desk technicians to your license, or opting for more features included in the Professional Edition, costs more. To its credit, the free version is not only a taster, it’s also representative of both the Standard and Professional Editions.
Finally, the FolderSecurityViewer NTFS permissions reporter has many of the same features listed in the software options above. Its permissions report can be exported in an Excel®, CSV, or HTML format, and it can generate permissions reports on a by-user or by-share basis. It traverses nested groups in the Active Directory to make sure all permissions for a given folder are reported.
The feature I found most useful was the ability to compare reports saved in the database (which is either built-in or an external MS SQL Server). Unfortunately, this feature is only included in the paid Company Edition, but it streamlines the work of tracking permission changes and makes it scannable. Still, if you’re going to pay money for software licenses, I’d recommend a tool that has more capabilities included for its cost.
Top Paid NTFS Software
The SolarWinds Access Rights Manager (ARM) is hands down the best NTFS permissions reporter available to demonstrate compliance and ensure internal security, preventing disastrous data leaks. Its permissions visibility capabilities are superior to any other tool on the market, free or otherwise.
This file permissions software scans all file servers to instantly display who has access to every folder, highlighting redundancies and unintended permissions that administrators can’t catch on their own using the standard Windows OS or free tools. By showing multiple access paths, ARM helps system admins clean up access rights properly and visualize overlaps in Active Directory permission groups. With ARM, admins can also benefit from templatized provisioning and deprovisioning functions.
Finally, ARM has a variety of tracking tools to notify system administrators when file breaches have occurred or suspicious activity is taking place, logging all changes for later reporting. ARM can be used for free with full functionality for a 30-day demo period.
Security Event Manager (SEM) is another highly recommended administration tool from SolarWinds for folder-sharing management. With SEM, users can increase the granularity of their tracking with File Integrity Monitoring (FIM), which logs changes on monitored files.
Using this tool, administrators can monitor access history in real time and identify users who change files and registry keys. They can configure monitoring to watch different types of access, including create, write, delete, and permission or metadata changes. With SEM, admins can standardize configurations across systems, configure monitoring templates, customize monitors, and personally configure rules, filters, and reports to include FIM events.
Again, SEM is only free for its 30-day trial period, but it’s competitive with any other paid NTFS share permissions reporting tool and offers customizable tracking templates and configurable monitoring that free tools can’t.
Folder Permissions Reporting Tools for Professionals
Even the most competent IT departments need help tracking file and share permissions across an entire network. The task becomes cumbersome, if not impossible, as complicated AD structures spanning file shares on several servers make it difficult to understand who has access to what information.
The bottom line is that any organization needs folder permissions reporting capabilities for its own data security and for compliance standards. There are many wonderful free tools out there, like those that have been included above. If you’re looking for help with basics like searching for a single user or group’s permissions or getting a permissions report for a specified folder or file share, free tools will probably cut it. Free tools tend to have restrictions, though: they require more manual input, have fewer customizable and configurable features, and cannot report on networks past a certain size without encountering errors or prompting upgrades to their costly paid editions.
For transparent pricing and a full range of features upfront, I recommend Access Rights Manager or Security Event Manager with File Integrity Monitoring. Both are highly scalable, include customizable templates and filters, have sophisticated reporting capabilities for compliance documentation and internal presentations, and prioritize UI to make data easily visualizable. I found these two tools most intuitive to use and most informative, plus both SolarWinds products come with support and a 30-day free trial to test things out before deciding.
If you’re looking for security and compliance tools, you’ll also like this article on the best log management software available. Log management is complicated but integral to proving compliance standards and understanding system health—and reading this article is a great place to start if you’re a bit confused by the topic.
Also, as file shares are stored across multiple servers in a network, it’s best to have a full grasp on where your servers are, what functions they carry out, and how to pinpoint the division between an application and actual hardware.