A new version of NTFS Security Auditor 3.0 has been released recently with features to report on effective Dynamic Access Control (DAC) permissions in Windows Server 2012 and Security Viewer feature. The new version provides different types of Effective DAC reports and presents NTFS permissions of entire local file system folders and network shared folders in a nice user friendly GUI.
Dynamic Access Control (DAC) introduced in Windows Server 2012 facilitates enhanced permission control over folders/files by way of central access policy defined at the domain level.
It gives wider control to folders and files in the file servers in addition to the NTFS permissions and for security compliance for modern day business requirements. The permissions of the DAC (Central access policy) will be applied on the shares/folders whenever the conditions defined in the Central Access Rule satisfy the classification data assigned in shares/folders.
More about Dynamic Access Control (DAC) can be found at https://technet.microsoft.com/library/hh831717.aspx
Types of DAC Reports:
Effective DAC permissions for specific users and groups on folders:This report shows the effective DAC permissions for the specified users and groups on the selected shared folder(s)/file(s).
Effective DAC permissions for Accounts having permissions on specific folders:
This report shows the effective DAC permissions for accounts having NTFS permissions (DACL) on specified folders.
List of Central Access Policies (CAP) and Central Access Rules:
This report shows the Central Access Policies (CAP) and Central Access Rules configured for a domain.
Folders affected/not affected by DAC Central Access Policies:
This report shows the folders affected/not affected by the DAC Central Access Policy and Central Access Rules.
Security Viewer :
Security Viewer shows the NTFS permissions of file system folders and shared folders with the separate views for basic and advanced account permissions in a single view. The elegant UI facilitates easy viewing of permissions, unlike multiple navigation through folder/ file properties. It also shows the local drives and folders permissions.
The following are sample reports generated by using the Security Viewer tool.
# Basic Accounts permissions:
# Advanced Accounts permissions:
Find out more about the Security Auditor and how you can benefit through it here –