NTFS Security Auditor

NTFS Permissions Reporter software
For Auditing & Reporting Windows Files and Folders

Audit, Control, Manage and Analyze your File Server Security

NTFS Security Auditor is a powerful NTFS permissions tool that gives you complete control and flexibility to audit and report NTFS permissions on folders and files in windows file servers across your organization. NTFS Security Auditor provides you a comprehensive File Share permissions auditing software covering all aspects of your Windows File Server audit – permissions of users and groups on shares, folders and files.Our NTFS permissions reporter software presents insights on how the security of your windows network is organized, by reporting on Access Control Lists (ACLs) of Users and Groups on shares, folders and files in your File servers. The product caters to the needs of Information Security Analysts and managers as well as System Administrators by providing granular, multi-dimensional NTFS security reports.


Why Use Vyapin NTFS Security Auditing Tool?

How to effectively use NTFS Permissions Tool?

Vyapin NTFS Permissions Reporting tool provides a thorough and comprehensive review of Security and Health of the NTFS File system in your servers and workstations.

Dynamic Access Control (DAC) / Central Access Policy (CAP) Permissions

Central Access Policies need to be reviewed for security purposes. Find out what type of permissions and conditions have been configured for each the Central Access Rules (CAR) in Central Access Policy (CAP) over the domain controller (Windows Server 2012). Identify access limited permissions by Dynamic Access Control (DAC) / Central Access Policy (CAP) for folders. Identify all shared folders and subfolders (in Windows Server 2012) which have been affected / not affected by the Central Access Policy.

Users with special / explicit permissions

Assigning explicit or unique permissions to folders make your file servers go against the best practices of securing your file servers. To ensure you harden the security of your file servers, you need to first identify user accounts that have been given special / explicit permissions on folders, especially those users who have left the organization. You need to examine if inheritance rules such as “inheritance of permissions by folders from parent” have been properly applied or have they been broken or subverted.

Removed AD users list

Users who have been removed from your Active Directory are sometimes not properly removed from Access Control Lists in Shares and folders. Find out who your deleted or unknown users are and whether they have access to any of the shares, files and folders.

Track nested group membership

Group accounts, though very efficient, bring with them their own share of security issues as users may have inadvertent, unauthorized access to confidential files and folders indirectly. This may be especially difficult to track down because of nested group membership of multiple groups.

Who has access to what

Find out who has access to what in your Files, Folders and Shares. Identify if there is any unauthorized access.

Shared folders list

Though user workstations are generally secure, sometimes people sharing folders from their workstations for temporary purposes leave some security holes that need to be plugged.

Share permissions

NTFS Shares have their own permissions (Share permissions) that are different from folder permissions and such Shares in servers and workstations need further scrutiny.

Access Control list

Examine what type of access has been granted. Get granular security information on who can Read, Modify and Delete confidential Files and Folders.

Benefits of Using Vyapin's NTFS Security Auditor

  • Perform a granular search for exceptions on permissions, that is, search for various types of permissions that are not assigned on files and folders. For example, search for users and groups that do not have Full Control permission for a specified set of folders and files.
  • Report NTFS permissions across File servers and workstations in multiple domains, including Files, Folders and Shares. View permissions using different dimensions such as By User and Group Accounts, By Folders, By Permissions, By File Share and so on.
  • Ability to restrict the scope by scanning only a predefined subset of Accounts and Computers in the domain by setting up Scan Profiles. Especially useful for medium to large enterprise networks
  • Determine which users and groups may indirectly impact NTFS permissions based on their group memberships in nested groups (analyze inadvertent user access).
  • Determine what type of permissions and conditions have been configured for each of the Central Access Rules in Central Access policy over the domain.
  • Given a set of Shares, folders and files, identify which users have access and most importantly which groups do these users belong to.
  • Built-in Reports that have some of the most sought after Security reports.
  • Report local shares on individual workstations and produce a summary of all such shares for your entire domain.
  • Compare permissions on any two folders by displaying the differences in the ACLs of the folders.
  • Supports both Ms-Access and SQL Server for data storage.
  • Customize reports for display.
  • Perform a granular search of various types of permissions that are assigned on files and folders. For example, search for users and groups that have Full Control permission for a specified set of folders and files.
  • Report on Shares, folders and files with all their permissions, including Inherited and "Apply To" information, along with additional group membership information of users and nested groups.
  • Determine the “Effective Permissions” of groups and users on shares, folders and files – permissions that have been explicitly set and those that have been inherited through groups and nested groups.
  • No agent installation. Information is collected, processed and displayed on the same machine where NTFS Security Auditor is installed.
  • Security Vulnerabilities reports show possible vulnerabilities in access rights assigned to users and groups on shared folder(s) or file(s).
  • Given a set of users and groups, determine which share folders and files do they have access to.
  • Enumerate Computers using the Windows Browser Service or Active Directory.
  • Given a set of accounts, determine which shared folders do they have effective permissions based on DAC / CAP.
  • Determine on which shared folders and subfolders have been affected / not affected by the Central Access Policy.
  • Select a Set of Domain (s) / Server (s) and determine the configured Central Access Policies and Central Access Rules.
  • Generate a summary of shares and permissions for each domain.

What File Server Audit Reports you will get?

NTFS Permissions Report

Security Vulnerabilities Reports

DAC Reports

NTFS Shares Permissions Reports

Platforms Supported by NTFS Security Auditor

  • Windows 11
  • Windows 10
  • Windows 8
  • Windows 7
  • Windows Server 2022
  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012
  • Windows Server 2008