NTFS Permissions Auditor - Online Manual

Online Manual

System Requirements

Operating System

NTFS Permissions Auditor requires a 64-bit (x64) Windows operating system:

  • Windows 10 (version 1607 or later)
  • Windows 11
  • Windows Server 2016 or later
  • Windows Server 2019
  • Windows Server 2022
  • Windows Server 2025

The application is a Windows desktop application (WPF) and runs on the administrator’s workstation — it does not need to be installed on the file server itself.

.NET Runtime

.NET 10 Desktop Runtime (x64) is required. If it is not already installed, the installer will prompt you to download it from Microsoft.

The runtime download page is: https://dotnet.microsoft.com/download/dotnet/10.0 — download the .NET Desktop Runtime (not just the base runtime).

Hardware

NTFS Permissions Auditor is lightweight. Minimum recommendations:

  • CPU: Any modern x64 processor
  • RAM: 4 GB minimum; 8 GB+ recommended for auditing large directory trees (100,000+ folders)
  • Disk: ~100 MB for the application, plus space for the SQLite database that stores your profiles, audit history, filters, and scheduled tasks

The database file is stored at %APPDATA%\ntfspa.db by default. The file grows as you store more audit results — a typical audit of a few thousand folders produces a database of a few MB, while very large audits (hundreds of thousands of folders) can grow to hundreds of MB.

Network

To audit local folders, no special network configuration is required.

To audit remote network shares, the machine running NTFS Permissions Auditor needs:

  • Network access to the target file server(s) — the tool uses standard Windows file sharing (SMB/CIFS) to read folder permissions
  • For share discovery (auto-detecting all shares on a server), the tool uses the Windows NetShareEnum API, which requires appropriate permissions on the target server
  • For domain-wide share discovery (finding all computers in a domain and scanning their shares), the machine must be domain-joined and have read access to Active Directory

If the logged-in user does not have sufficient permissions on the target shares, you can configure alternative credentials per audit profile (see Authentication & Credentials).

Active Directory

Active Directory access is optional but recommended. It is used for:

  • Resolving SIDs to account names — the tool looks up security identifiers to show human-readable names, display names, descriptions, departments, managers, and job titles
  • Expanding group memberships — when the “Get group members” option is enabled, the tool queries AD to show which users belong to each security group that has permissions
  • Nested group expansion — when “Get nested group members” is enabled, the tool recursively resolves group-within-group memberships

If the target shares use local accounts (not domain accounts), the tool resolves those against the target machine’s local SAM database instead of AD.

Email (Optional)

To use email notifications with scheduled tasks or to send test messages, you need access to an SMTP server. The application supports:

  • SMTP with or without authentication
  • SSL/TLS/STARTTLS connections
  • Multiple recipients (separated by semicolons)

See Email (SMTP) Configuration for setup details.

Permissions Summary

What you’re auditing What’s needed
Local folders Read access to the folders being audited
Network shares Network access + read permissions on the shares
Share discovery by server Permissions to call NetShareEnum on the target server
Share discovery by domain Domain-joined machine + AD read access
Group member expansion Read access to Active Directory
Advanced File System Access Local administrator rights (enables SE_BACKUP_NAME and SE_RESTORE_NAME privileges)

Use of this site constitutes acceptance of our Privacy Policy and EULA. Copyright © Albus Bit SIA