Comprehensive Guide to Auditing NTFS Permissions
Permissions Reporter is a powerful Windows security software tool that streamlines the creation of scheduled NTFS permissions audits across Windows file systems. This step-by-step guide demonstrates how to create, configure, and automate custom permissions audit reports with scheduled email delivery, which is essential for maintaining robust Windows file system security.
Advanced Audit Report Criteria
Permissions Reporter features comprehensive permissions data filtering capabilities that provide immediate answers to critical security questions such as:
- Which folders have security vulnerabilities through excessive permissions (e.g., full control granted to everyone)?
- Which directories grant access to disabled, compromised, or unresolvable user accounts?
- Which folders have broken permission inheritance chains that might create security gaps?
- And numerous other security-critical permission scenarios.
A key advantage of Permissions Reporter is its dual filtering approach: filters can be applied after a complete file system analysis or during the scan process. The latter method, called Project Scan Filtering, embeds filter criteria directly within the project definition. This optimization significantly improves performance when scanning enterprise-scale file systems, allowing you to selectively capture only the most relevant permissions data.
Let's walk through creating a security audit project that identifies potential permission vulnerabilities in your Windows environment.
Setting Up Your Security Audit Project
Launch Permissions Reporter and click the New Project button in the main toolbar to begin. When the Project Settings dialog appears, keep the default configuration settings, then navigate to the Scan Filter tab and follow these steps to create a security-focused audit:
- Check the Enable scan filter for the current project option to activate filtering
- Click the Add button to create a new filter rule
- Select Add quick filter from the menu options
- Choose Show only permissions allowing everyone full control to identify high-risk permission settings
Your project is now configured to scan your Windows system drive and identify any folders with potentially dangerous permission configurations that grant unrestricted access to the "everyone" or "authenticated users" groups. Save your project and execute it by clicking the Run Project button to generate your security vulnerability report.
Note: For more targeted results, you can customize the project scan filters based on your organization's specific security requirements and compliance standards.
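To spot-check the quick filter's findings independently, the following added example (not part of Permissions Reporter and not from the original guide) uses the built-in Get-Acl cmdlet to list folders where Everyone or Authenticated Users hold full control, and notes whether each folder has inheritance disabled. The `$Root` default and the function name `Get-RiskyFolderAce` are assumptions made for illustration.

```powershell
# Added example: independent cross-check using built-in cmdlets only.
# $Root is an assumed path; point it at the folder tree you want to verify.
param(
    [string]$Root = 'C:\Data'   # hypothetical default
)

# Well-known SIDs are locale-independent, unlike the group display names.
$broadSids = @{
    'S-1-1-0'  = 'Everyone'
    'S-1-5-11' = 'Authenticated Users'
}
$sidType = [System.Security.Principal.SecurityIdentifier]

function Get-RiskyFolderAce {
    param([string]$Path)

    # The root folder itself plus every subfolder beneath it.
    $folders = @(Get-Item -LiteralPath $Path) +
               @(Get-ChildItem -LiteralPath $Path -Directory -Recurse -ErrorAction SilentlyContinue)

    foreach ($folder in $folders) {
        try { $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop }
        catch { Write-Warning "Cannot read ACL: $($folder.FullName)"; continue }

        # Explicit and inherited ACEs, with identities returned as SIDs.
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            $sid    = $ace.IdentityReference.Value
            $rights = [int]$ace.FileSystemRights
            # FullControl is 0x1F01FF; an ACE may instead carry GENERIC_ALL (0x10000000).
            $isFull = (($rights -band 0x1F01FF) -eq 0x1F01FF) -or (($rights -band 0x10000000) -ne 0)

            if ($ace.AccessControlType -eq 'Allow' -and $isFull -and $broadSids.ContainsKey($sid)) {
                [pscustomobject]@{
                    Folder              = $folder.FullName
                    Principal           = $broadSids[$sid]
                    Inherited           = $ace.IsInherited
                    InheritanceDisabled = $acl.AreAccessRulesProtected
                }
            }
        }
    }
}

Get-RiskyFolderAce -Path $Root | Sort-Object Folder | Format-Table -AutoSize
```

Folders whose ACL cannot be read are reported as warnings rather than silently passed, so a clean result with warnings is not a clean audit.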
Automating Your Security Audit Reports
To implement continuous security monitoring, we'll now configure automatic execution of your audit project with results delivered directly to your inbox for regular review.
- Click the Save button and choose a secure location for your audit project file (recommended path: "c:\security\audits\permissions-audit.xml").
- Click the Scheduler button to open the Scheduled Tasks management window.
- Click New to create a scheduled security audit task in the Task Editor.
Configure your automated security audit with these essential settings:
- In the Project path field, enter the full path to your saved security audit project.
- Enable the Excel file export option and specify a destination path for your audit reports (e.g., "c:\security\audits\security-vulnerabilities.xlsx").
- Enable Email report and enter the security team's email address (requires proper mail server configuration in the global options).
- On the Schedule tab, set an appropriate audit frequency based on your security compliance requirements.
Click Save to finalize your scheduled security audit. You'll return to the Scheduled Tasks window where you should select your new security task and run an immediate test to verify proper configuration and delivery.
Security Benefits and Outcomes
This guide demonstrates how Permissions Reporter enables automated, scheduled NTFS permissions security auditing with configurable reports delivered via email. By implementing regular permission audits, security teams can proactively identify and address Windows file system vulnerabilities before they can be exploited.