Real world scenarios and usage examples
Trusted domains and foreign members in groups
If you work in an environment where you actually have domain trusts, you most likely have domain local groups that have members from one of your trusted domains, foreign members. Now, the only way to see such a membership is from the group, not from the actual user-object, cause it is in a foreign domain. Now, reading/importing the groups to the IT-Admins Tool will show you the amount of foreign members per group and therefor allow you to filter all groups with foreign members rather quick and therefor be able to identify cross-domain memberships. The foreign member is even colored differently in the group-membership tree-view.
NTFS permissions and the synchronize attribute
If you are dealing with more complex NTFS permissions and settings, at one point you will come across the Synchronize-Attribute. This is the only attribute you can’t even see in the show advanced permissions view in Windows-Folder permissions / Windows Explorer. You can read and control it via Command-Prompt tools or PowerShell, though, but it is not an easy to see attribute. The synchronize attribute can actually cause issues if you set up permissions and use e.g. permission based folder view – so folders the user has no permission too will vanish etc.. I came across situations where this attribute actually caused the issue, while the right was implemented via CLI tools like CMD-commands or PowerShell commands and scripts. In the end, we only found out what was wrong by using the NTFS-ACL scanning in the IT-Admins Tool and eventually saw that group A had the synchronize attribute set but not group B, once we corrected group B our issues where solved.
File-System audit/documentation of permissions
IT audits often include File-System permissions, respective NTFS permissions or simply ACLs. Simple run the NTFS permission reader with high enough permissions on the path you need to document and the path depth level you need to investigate (e.g. 9999 to go all the way down). Then use the EXPORT function and you will end up with as CSV file. You will see two columns for TYPE (folder or file) and two for the PATH as well.
The first of each of those columns will show the TYPE and PATH only in the first row, the second will show it per row. Confused? It is simple, the first row holds e.g. the PATH – the next five will be per group that has access and what kind of access. Then the next PATH (first row) will appear and so on. Removing the TYPE and PATH columns that show the information per row, will leave you with an better readable/printable report. But to be able to filter in the list, you will need those columns per row. Leaving you with both options, just remove what you don’t need or leave what you prefer.
Now you might wonder what this export will include. You might just have read in a structured file-system with half a million folders or more (be patient, this can take time to read in). Now, if you export this, you don’t want to see each folder in there. And this is where the EXPORT actually will help you. All you will export is each PERMISSION break – every path that had additional permissions or the permission inheritance was changed/broken up. Leaving you with a rather short EXPORT and only the information you will really need, instead of each and every folder and file and their respective permission.
Your report of file and folder permissions (ACLs) will be done in minutes. Of course, to make your AUDIT complete, you should export GROUPS and USERS as well and save those files as well, so you can see who is member of a specific group at this point in time and have a complete report at hand.
Export a File and Folder structure from NTFS
You might come across the need to have your folder structure or even files and folders in a simple file, line by line to process it further, like using it as a source for scripts. Simply use the NTFS ACL reader, set the path and path depth and read folder or even files and folders in to the system, to speed it up – check only first level information as well before you read it in. Once finished and visible in the tree-view, right click in the tree-view and choose ‘export structure to CSV’ from the context menu. This will export it to a CSV you easily can process further – per row you will see the type, file or folder, and the full path of the element.