Generating NTFS Permissions Reports with Goverlan
The combination of a report on NTFS permissions for a corporate share and a report on AD group memberships helps define the who has access, what level of access, where do they have access, etc. The unanswered questions seems to be WHY? As in why should I (or you) care about NTFS permissions reports?
Here are a couple of good reasons why you may want to be able to build and customize your own NTFS permissions reports.
- New user provisioning – If part of your provisioning process includes running a quick live audit to ensure your new user had access to the files and folders necessary, you will reduce help desk requests and new user frustration.
- User role changes – Users change roles and need access to new resources. Unraveling security group permissions can be a nightmare for a simple role change.
- Terminating users – Running an audit (report) after an employee gets terminated just to ensure you revoked access. This is especially important for organizations with compliance mandates. See the Goverlan Terminating Employee Scope Action example
Here is why Goverlan is great for NTFS permissions reporting.
- It is native, as in there already. Nothing to configure, add, purchase etc. You are minutes away from automating this if you are a customer
- You can fully automate both generating and delivering the reports, including automated and scheduled delivery to department heads, auditors, etc.
- You can combine Group memberships reports with NTFS permissions permissions reports and understand each individual user’s level of access.
Good thing you are on top of your game and didn’t overlook this important set of reports. Reporting on NTFS permissions is done in a few simple steps using Goverlan.
- Create a Scope Action
- In the Scope, add the machines (servers) that host the corporate shares.
- In the actions section, navigate to Report Computer Property >> File System Permissions >> Manage Accessible Directories
- From here you will access the Accessible Directory Paths Manager. Use this to define names for directories that you want to report on. You can also define the report “depth” using the Include sub-directories and level deep settings. This will define how many folders within folders Goverlan will report on.NOTE: If you want to create a report on a NETWORK SHARE, you have to point the accessible path at the SERVER that is hosting this network share and its EXACT path. See the example below.
- Goverlan also supports the use of Windows variables and wildcards in the file path so you can focus your reports to specific folders, file extension, etc.
- Once you have defined a reporting path and given it a name you can then add columns to your report. Goverlan will report on basic access type or extended (with read/write attributes) as well as permissions inheritance.
Example: NTFS Permissions Audit for Corporate Share – Sales Directory
In this quick example we are going to use 2 reports that are native to Goverlan to audit the Sales Directory on our Corporate Share.
We need to make sure that the right employees have the right access. The first report we will look at is a Group Membership report. This will allow us to audit (report on) all Sales group members and ensure that the necessary folks are included.
Now we can report on the access level this group of users has.
Here is a link to a knowledge base article for more information:
Feel free to comment or contact us for additional details. Also, if you need this in a hurry and you are not a Goverlan customer (yet), our trial is FULLY functional for 30-days.