NTFS Permissions Auditor - Online Manual

Online Manual

Quick Start Guide

This guide walks you through a complete NTFS permissions audit from start to finish. By the end, you will have scanned a folder (or an entire file server) and seen exactly who has access to what.

Time required: About 5 minutes for your first audit, depending on the number of folders.

Step 1 — Create an Audit Profile

A profile saves your audit configuration so you can re-run the same scan later. Each profile stores which directories to audit, what options to use, and what to exclude.

  1. On the home screen, click Add profile
  2. The profile editor opens with several tabs

Directories tab — Add the folders you want to audit. You have three options:

  • Browse — Select a local folder using the standard Windows folder picker
  • Network shares — Enter a server name (e.g., \\fileserver01) and click to discover all its shares. You can also enter a domain name to find all computers and their shares across the domain
  • Import — Load a list of paths from a text file

Select the directories you want to include by checking them in the list. You can add as many directories as needed — local paths, UNC network paths, and DFS paths all work.

Options tab — Configure how the audit runs:

  • Get group members — When enabled, the tool queries Active Directory to show which individual users belong to each security group that has permissions. This is highly recommended for a meaningful audit
  • Get nested group members — Resolves groups within groups recursively. Enable this for a complete picture of who has access through nested group memberships
  • Exclude groups from Excel export — If you only want individual users in your exports, check this option

Leave other options at their defaults for now — the Audit Profiles section of this manual covers all options in detail.

  1. Give your profile a name (or keep the auto-generated timestamp name)
  2. Click Save

Step 2 — Run the Audit

Back on the home screen:

  1. Select your newly created profile from the profile list
  2. Click the Audit button

The audit begins immediately. You will see progress indicators showing which directories are being scanned and how many folders have been processed. The scan speed depends on the number of folders, network latency (for remote shares), and whether group member expansion is enabled.

What happens during the audit:

  • The tool reads the NTFS ACL (Access Control List) on every folder in your selected directories
  • For each permission entry, it resolves the security identifier (SID) to a readable account name, display name, and other details from Active Directory or the local machine
  • If “Get group members” is enabled, it queries AD for each group’s membership list
  • Any access errors (e.g., “Access denied” on specific folders) are logged but do not stop the audit — the tool continues with the remaining folders

You can cancel the audit at any time if needed.

Step 3 — View Results

When the audit completes, the results open automatically. You have two ways to explore the data:

Folder View

The Folder View shows your audited directories as an expandable tree structure — exactly mirroring the folder hierarchy on disk.

  • Click any folder in the tree to see its permissions in the detail panel
  • The detail panel shows: the folder’s full path, owner, last modified date, and whether it inherits permissions from its parent
  • Below that, you see every permission entry on that folder: the account name, permission type (Allow or Deny), basic permissions (Full Control, Modify, Read & Execute, etc.), and whether the permission is inherited or explicitly set
  • Click any permission entry to see the account’s details: display name, SID, account type (user, group, computer, etc.), description, department, manager, and job title
  • You can also see the advanced permissions breakdown (Traverse Folder, Read Data, Write Data, etc.)

Account View

Switch to the Account View to see the data organized by user and group rather than by folder.

  • Each row represents a security principal (user, group, or computer account) that has permissions somewhere in the audited directories
  • Expand a row to see every folder that account can access, along with the specific permissions
  • Account details include: name, display name, type, SID, description, department, manager, job title, and whether the account is disabled

The account view is especially useful for answering questions like “What can this user access?” or “Which folders does the Finance group have permissions on?”

Both views support sorting and grouping by any column.

What’s Next

You have completed your first NTFS permissions audit. From here, you can:

  • Save and re-run — Your profile is saved. Select it anytime and click Audit to re-scan with the same settings
  • Export results (Pro) — Export to Excel, CSV, HTML, XML, or PDF. See Exporting Reports
  • Filter results (Pro) — Use the filter manager to find specific patterns, like “all folders where Everyone has access” or “all Full Control permissions for non-admin users.” See Filter Manager
  • Compare audits (Pro) — Run the same audit again later and compare the two results to see what changed. See Report Comparison
  • Schedule automated audits (Pro) — Set up daily or weekly audits that run automatically and email you the results or alert you to changes. See Scheduled Tasks
  • Fine-tune your profile — Add exclusions, configure authentication for remote shares, limit folder depth, and more. See Audit Profiles

Use of this site constitutes acceptance of our Privacy Policy and EULA. Copyright © Albus Bit SIA