Page icon

Permission Analyzer supports any version of Active Directory and the scan can take place from any Windows machine within your domain.

Permission Analyzer’s trial version is limited to 2 root directories, a maximum depth of 5 sub directories, 3 member filters and the export to HTML/CSV is limited to a depth of 3 sub directories. If you’d like to try out one of the editions, then just fill out the trial request form.

Permission Analyzer requires no installation, just extract the zip file and run the application! Note that if you extract the application into the Program Files folder of Windows you might run into Windows permission issues, since the application stores information in the application directory. You can run the Permission Analyzer as Administrator or unzip the application into another directory than Program Files.

Version: (May 05, 2024)

Download offline update packageDownload the update package (10MB) if you already have Permission Analyzer without an Internet connection for the update service. Extract the zip file in the application directory and start run_update.bat

Version history

  • Minor updates in de user interface
  • Update in the licensing system

  • Track changes: Compare HTML reports with previous exports and create a new HTML report with the differences over time

  • Added a new preference to toggle between username or display name in the export reports.

  • Added a new preference to split file exports based on a maximum number of MB.

  • Added a new report type “Folder/files and users with their effective permissions”. It is similar to the ACL report, but it hides group information and shows all users directly under the folder/file.
  • Added the option to configure your own logo in the HTML reports (set your logo in the application preferences).
  • Added a simplified version of most of the HTML reports, suitable for management overviews. Just select the checkbox “Simple presentation” in the report details, it will leave out some of the columns, checkboxes and filter information.
  • Special permissions are default hidden in the HTML reports.
  • Added a preference to configure the CSV separator, since Excel expects a semicolon while the default character is a comma.

  • Added a new filter option to invert the matching folders in the overview. Enabling this checkbox in the Folder filter panel will display all the folders that do not match the filter criteria. This can be useful to create an overview of all folders that do not have a particular member in the ACL list. For example, include a member filter Administrators, and check the option Invert matching folders. This will display all folders that don’t have the Administrators group on them. The exclude member filter will not work in this case, because it will just exclude the Administrators permissions from the overview, but the folders will still appear since they have other permissions that match the filter.

  • Added a wizard to create new policies
  • Performance improvements in the Report View when using an external database
  • Reorganized the list of items to scan (servers, local directories, shares, etc.)
  • Added a new filter for disabled users
  • Added two new report types:
    • Groups that have permissions in the folder tree and their direct members
    • Groups that have permissions in the folder tree and their nested members

  • Added file owners to the overviews, including a filter on the account name of an owner
  • Added the option to display ownership ratio in the overview (this is default disabled because of the performance impact, but can be enabled in the preferences)
  • Added the option to change the ownership and file inheritance in the context menu of the folder tree
  • Added two new report types: “Groups and nested members” and “Groups and direct members”
  • Added the option to add a server name in the scan list (instead of a directory or network share). The application will scan all the shares of that server, except the hidden drives like c$ and the shares admin$, print$ and ipc$. Use the command-line parameter “-includeSharedDrives” to scan hidden drives like c$ as well.

  • Added efficiencies in the scanning process, making scanning much faster.

  • Added the feature to import a text file generated by a given PowerShell script.

  • Created a better separation between reports and policies, including a dialog that shows the current status of all your policies.
  • Added a wizard to create a new policy
  • Renamed the report types and added a new report type that orders the data by user/group

  • Added two new tabs in the Report View. One tab with the members of the selected directory and their effective permissions and one tab that displays all users and groups that have been found in the directory tree, including their ACE’s.

  • Support for Scan Agents that run locally on the file server and submit their information to a central database. The previous version would always truncate the existing data from the database, this is now configurable in the Scan View.
  • A new checkbox has been introduced in the Scan View to exclude inherited permissions from the scan. So besides excluding them in the overview, they can now be excluded from the database completely. This means the database will be a lot smaller (and faster) in that case.
  • The export reports contain a new column with the number of members per directory.
  • Uchecking the member column in the HTML report will now hide the whole ACE row.
  • The HTML reports have a new icon to copy the file path quickly to the clipboard.

  • Added support for long file paths (Windows MAX_PATH limitation).

  • A new panel has been added to display all members that have been found in the results after the filters are applied.

  • A new audit dashboard with 18 charts showing statistics about your network users and groups, permissions and files.

  • A complete renewal of version 1.x

Good old memories... Store filters as report