NTFS Permissions Auditor - Online Manual

Online Manual

Running an Audit

Starting the Audit

  1. On the home screen, select a profile from the profile list
  2. Click the Audit button

The audit opens in a new tab. Each audit gets its own tab, so you can run multiple audits simultaneously or keep previous results open while starting a new scan.

What Happens During the Audit

When the audit starts, the application:

  1. Prepares exclusion lists — Separates your exclusion rules into directory exclusions and account exclusions
  2. Enables privileges (if configured) — If Advanced File System Access is enabled on the profile, the application activates SE_BACKUP_NAME and SE_RESTORE_NAME privileges
  3. Scans each root directory in parallel — Every selected directory in the profile is scanned concurrently. For a profile with three root directories, all three are scanned at the same time, which significantly speeds up audits with multiple top-level paths
  4. Reads NTFS ACLs — For each folder, the application reads the Access Control List, resolves security identifiers (SIDs) to account names, and records the permission details
  5. Resolves group memberships — If “Get group members” is enabled, the application queries Active Directory for each group’s member list
  6. Saves the report — If auto-save is enabled in Settings, the completed audit is saved to the database for future reference

Progress Tracking

During the audit, you see:

  • Progress message — Shows the current operation (“Auditing…”, “Saving…”)
  • Per-directory progress — Each root directory shows its path and the number of folders processed so far
  • Start time — When the audit began
  • Animation — A visual indicator that the audit is running

Canceling an Audit

Click the Stop button to cancel the audit. The button label changes to “Stopping…” while the cancellation propagates to all scanning threads. Any results collected before cancellation are still available for review, though the report is marked as “Cancelled” rather than “Done”.

Errors During the Audit

The audit does not stop when it encounters errors on individual folders. Common situations that produce error entries:

  • Access denied — The current user (or alternative credentials) doesn’t have permission to read a folder’s security descriptor
  • Network path not found — A network share is unreachable during the scan
  • Cannot resolve SID — A security identifier cannot be matched to an account name (typically a deleted account)

Errors are collected in the Errors panel at the bottom of the report view. Each error shows the error message and the folder path where it occurred. You can review errors after the audit completes to decide if any require action, such as configuring alternative credentials or checking network connectivity.

When the Audit Completes

After all directories have been scanned:

  1. The report state changes to Done (or Cancelled if you stopped it)
  2. The tab title updates with the profile name and state
  3. Start and end times are displayed
  4. The first root folder in the tree is automatically expanded and selected so you can immediately begin exploring results
  5. If auto-save is enabled, the report is written to the SQLite database

The results are now ready for exploration in the Folder View and Account View.

Use of this site constitutes acceptance of our Privacy Policy and EULA. Copyright © Albus Bit SIA