The Filter Manager lets you create named filters that find specific permission patterns in your audit results. Filters are a Pro feature.
Instead of scrolling through thousands of permission entries, you can define criteria like “show only Full Control permissions for non-admin users” or “find all folders where Everyone has access” and apply them instantly.
Saved filters are stored in the database and available across all audit results. You can also assign a saved filter as the default for a profile (see Profile Options).
Each filter consists of one or more conditions. A condition has three parts:
Field — What to test. Available fields fall into three categories:
Account fields:
| Field | What it matches |
|---|---|
| Account Name | The logon name (e.g., DOMAIN\jsmith) |
| SID | The security identifier string |
| Account Type | User, Group, Computer, etc. |
| Domain Name (NetBIOS) | The short domain name |
| Domain Name (DNS) | The full DNS domain name |
| Domain SID | The domain’s security identifier |
| Group Has No Members | Whether a group has zero members |
| SID Lookup Failed | Whether the SID could not be resolved (orphaned) |
| Account Disabled | Whether the account is disabled in AD |
| Manager | The account’s manager field from AD |
| Department | The department field from AD |
| Job Title | The job title field from AD |
Folder fields:
| Field | What it matches |
|---|---|
| Directory Owner | The NTFS owner of the folder |
| Directory Has Full Permission To | Whether a specific account has any permissions on the folder |
| Directory Inherits Permissions | Whether the folder inherits from its parent |
| Permissions Match Parent | Whether the folder’s permissions are identical to its parent |
Permission fields:
| Field | What it matches |
|---|---|
| Permission Type (Allow/Deny) | Whether the permission is an Allow or Deny entry |
| Basic Permission | Full Control, Modify, Read & Execute, etc. |
| Advanced Permission | Individual FileSystemRights flags |
| Applies To | The scope (This folder only, This folder and subfolders, etc.) |
| Is Inherited | Whether the permission is inherited from a parent folder |
Operation — How to compare. Available operations depend on the field type:
| Operation | Works with |
|---|---|
| Is Equal / Not Equals | Text and enum fields |
| Contains / Not Contains | Text fields, permission lists |
| Starts With / Not Starts With | Text fields |
| Ends With / Not Ends With | Text fields |
| Is Empty / Not Empty | Text fields |
Value — What to compare against. For text fields, you type the value. For enum fields (like Account Type or Basic Permission), you select from a dropdown.
When a filter has multiple conditions, they are linked with AND or OR logic:
For example, to find “Full Control permissions for non-admin users”:
To find “Everyone OR Authenticated Users access”:
You can build complex filters by combining AND and OR groups.
Apply a filter: Select a saved filter from the dropdown in the report view toolbar and click Apply. The results are filtered immediately — matching entries are shown in normal text, non-matching entries are greyed out.
Clear a filter: Click the Clear button to remove the active filter and show all results again.
Filters can be applied during the audit (via the profile’s default filter) or after the audit completes. When applied after, the original data is preserved — filters only change the display, not the underlying data.
If the Account View has been prepared when you apply or clear a filter, it is automatically re-prepared to reflect the new filter state.
To edit a saved filter, select it in the Filter Manager and modify the conditions. Click Save to update.
To delete a filter, select it and use the delete action. If the deleted filter was assigned as a profile’s default, the profile’s default filter is cleared.
Find all “Everyone” access:
Find orphaned SIDs (deleted accounts with permissions):
Find excessive permissions for regular users:
Find folders with broken inheritance:
Find disabled accounts that still have access:
Find all Deny entries:
Find permissions for a specific department: