Latest posts by Paul Schnackenburg (see all)
- Repair a corrupt EDB file with Stellar Repair for Exchange - Tue, Jan 14 2020
- Fixing WSUS issues with the SolarWinds Diagnostic tool for the WSUS agent - Tue, Nov 26 2019
- ManageEngine Desktop Central: Unified endpoint management for Windows, Linux, and Mac - Wed, Sep 18 2019
The problem FolderSecurityViewer addresses comprehensively is one any administrator is going to be familiar with. A complex nested group structure in AD built up over many years applies to multiple file shares on multiple file servers. Working out (and reporting on) exactly who's got access to what is exceedingly difficult and time-consuming. FolderSecurityViewer makes it easy, not just as a one-off thing, but it also tracks changes over time.
What's new ^
This improved version brings the following to the table:
- Comparison of saved reports
- AD Browser to walk through the organizational unit (OU) structure, select an AD group, and see its members (recursive browsing of a group is possible)
- Feature tour: guides a new user through all features
- Share report enumerating all servers, shares of a network, and OUs
- Introduces a command-line interface (CLI) usable with scheduled tasks; writes to any target (CSV, HTML, XLS, or DB, if configured)
- User permissions report
Let's take a look at each of these. The ability to compare reports of similar folders or the same shared folder from two different points in time is powerful. It shows you what's the same in both sets of effective permissions and any added, removed, or modified entries.
The explorer view of your AD OU structure is very useful and allows you to drill down to find specific groups in OUs and then find any nested groups inside those groups.
I found the feature tour very useful—pick a tour, and small pointers appear on top of the UI explaining step by step how to use each part of FolderSecurityViewer. It got me up to speed on the UI and capabilities very quickly.
The share report lets you scan your network for servers and their shares, add servers manually by name, or pick them from AD. After adding them, you see all the servers and their shares, making it easy to pick the shares you need to investigate or report on.
The addition of a command-line version makes FolderSecurityViewer much more versatile. You can schedule this to run on a regular basis to create folders, permissions, or owner reports as Excel, HTML or CSV reports (just like the GUI version does). You can also store the reports in the database (the built-in one or an external SQL 2008+ server). I can imagine scheduling scans of all file servers once a week and then using the new compare share report to identify changes to permissions.
One tricky situation is where a user account has different permissions in a lower folder in the hierarchy of folders than in the root. The improved user permissions report breaks this out nicely and analyzes the entire hierarchy. This allows you to see whether rights have been directly assigned to the user or inherited from a group.
Other interesting features include the ability to exclude groups from reports and being able to translate or give a custom name to items such as access control types and file system rights.
I found FolderSecurityViewer very easy to use and powerful for the specific tasks it addresses. If you've got the General Data Protection Regulation (GDPR) or any other regulation requiring you to show who's got access to what, FolderSecurityViewer is the solution I would recommend. It's available in a free tier, a Company version that scales to 3,000 objects in AD, and an Enterprise version that has no scale limitations.