How to Manage NTFS Permissions using NTFS Security Manager ?

– Grant, Revoke, Modify Permissions on Shares, Folders and Files

With Vyapin’s NTFS security Manager you can modify the security permissions of Shares, Folders and Files present in your network without affecting the inheritance from the parent object. Vyapin’s NTFS Security Manager has been architected using the latest Microsoft .NET technology, bringing you the best-in-breed NTFS Management solution for your entire Windows Network. You can create data subsets for your network using powerful scan options and meaningfully segment your entire network for managing permissions.

NTFS Security Manager in a nutshell

  • Grant permissions to multiple Accounts in one operation for File/Folder/Shares access
  • Replace existing permissions with new permissions
  • Delete selected Accounts including its permissions from the Files, Folders and Shares permissions list.
  • Delete permissions from explicitly assigned Account permissions
  • Allow or Block inheritance from the parent Share/Folder into the current File/Folder/Share
  • View and modify permissions on Shares, Folders and Files for every Account without any impact on the inheritance from its parent object
  • Create subsets of Computers/Users & Groups/Shares using the Scan Profiles manager for recursive use in permissions management
  • Power Search feature conditionally finds NTFS permissions on Files/Shares using powerful search queries

Let us do a quick walk through of how to grant, revoke and modify permissions for a set of Users / Groups using NTFS Security Manager in version 1.0.

Grant Permissions

Select the desired shared folder/file by either specifying the UNC path/Scan profile (Shares) name, Add From a list of available computers or import the list of UNC paths from a text file by clicking the relevant tabs.

Figure #1: Choose shared folders/files

shared folder

Specify the desired account name or choose from the Domain/Server/Scan profiles created already for Users/Groups to grant the required permissions. Here, ‘Frequent Accounts’ scan profile is chosen to grant permissions on shared folders.

Figure #2: Accounts selection (User/Group)

users group account

The Grant Permissions Wizard allows you to check multiple Access permissions (Basic & Advanced) and the Access type (Allow/Deny). You can also specify ‘on which’ objects to apply these permissions.

Figure #3: ACE permissions & Type

grant permissions

The next step in the wizard details the permission rules that you can define when granting permissions for certain user accounts. There are two major rules type – Assignment rule & Inheritance rule

Assignment rule: This rule Adds or Deletes the accounts and their permissions. Choose the ‘Add’ option to add the current permissions with the existing permissions. If there is a redundancy in User accounts, either the permissions can be merged or replaced completely with the current permissions.

Choose the ‘Remove’ option to delete and replace the existing accounts with the current permissions.

Inheritance Rule: You can either ‘Allow’ or ‘Block’ inherited permissions choosing the relevant options. There are additional options to copy or delete the inherited permissions before proceeding with the ‘Block’ option.

Figure #4: Choose Permission Rules

apply rules

Finally, you can store the wizard settings in a template and reuse them anytime.

Figure #5: Save the Grant Permission task settings as a template

template settings

Revoke Permissions

Follow the steps similar to ‘Grant Permissions’ task and check the box at the bottom in the Revoke Permissions wizard to revoke the existing permissions that were granted to User accounts inadvertently.

Figure #6: Revoke permissions

revoke permissions

Modify Permissions

The Modify Permissions feature allows you to view and modify the entire file system permissions. For example, you can use the Add option to add an account with permission Read and Execute. You can use the Remove option to remove an account and its explicit permissions from the share’s permissions list. You can also edit the existing permissions and Allow and Block inheritance from the parent object.

In figure 7 / screenshot given below, the first column lists the shared folders/files in the network. The next column lists all the accounts that have basic & advanced permissions. The last column lists all advanced permissions for the selected account. Now you can check/uncheck the desired permissions and finally check the box at the bottom to apply these changed permissions. Also, check or uncheck the box at the bottom in the second column to ‘Allow’ or ‘Block’ inherited permissions to this object from its parent.

Figure #7: Modify Advanced Permissions

permissions modifier

Solution Summary

Using NTFS Security Manager, you can:

  • Grant permissions in bulk for multiple Accounts to your Files, Folders and Shares
  • Replace existing permissions with new permissions
  • Remove selected Accounts with all its permissions from the Files, Folders and Shares permissions list
  • Remove permissions from explicitly assigned Account permissions
  • Allow or Block inheritance from the parent Share, Folder into the current File, Folder and Share
  • View and modify Account permissions on Shares, Folders and Files

Additional Info

NTFS Security Manager supports current versions of Microsoft Windows Server (2000/2003/2008) and localized versions of Windows Server, including German, Spanish and French. For more information about the new NTFS Security Manager v1.0, please visit: