Generating an NTFS Security Report

Windows NT File System (NTFS) reporting allows you to create reports to address potential security issues. Using the available NTFS security report templates, you can identify user and group access based on the associated Access Control Lists (ACLs). NTFS reporting also allows you to view the permissions assigned to network shares and directories.

You can use NTFS report templates to do the following:

•	Enforce permission standards

Many organizations have standards for data collection permissions. For example, they may define the specific ACEs (Access Control Entries) that should be contained in the ACLs on shares and folders. Ensuring that these policies are followed helps protect data integrity.

•	Audit security

Some organizations (such as financial institutions) have legal obligations concerning data security. They must control and monitor data access. The ability to detect security problems arising from data permissions is paramount. In this situation, NTFS reporting on share and directory permissions is central to daily network administration.

•	Prepare for domain consolidation or Windows migration

Consolidations and migrations are likely to involve new permissions. This lengthy process requires careful planning to determine the resources to which users have access. NTFS reports expedite this process.

To run an NTFS report template

1.	Expand Reporting | Report Templates | Permissions.

2.	Select NFTS.

3.	Right-click an NTFS report template and select Run Report.

4.	Click the Objects tab, then click Add to open the Object Picker dialog box.

5.	Expand Active Directory | Computers

– OR – 

Expand Windows NT | Computers.

6.	Select the computer you want to report on and click Add.

– OR – 

a)	Expand the computer you have selected and navigate to the folders, shares, or logical drives that you want to report on.

b)	Select the objects you want and click Add.

You can select multiple objects in the upper-right pane to add a group of objects. You also can select a combination of computers, shares, folders, and logical drives.

Instead of selecting objects and creating a static object set, you can create a dynamic object set that uses query searches. For more information, see To create an object set.

7.	To include system paths for the selected objects, click Paths and select from the following options:

Option	explanation
Path	Select one of the following: • Common program files • Program files • System drive • Windows directory
Recurse	Select the level of subfolders to report on.
Subfolder Expression Filter	Filter the search using regular expressions. For example, you can enter ^ followed by the text you want to search on. The carrot symbol (^) is a regular expression that is interpreted as "Only look for object types with names that begin with" followed by the text to search for. For example, if you entered ^msadc, the search would return all objects of the type specified whose names begin with "msadc". For more information on regular expressions, see Basic Regular Expression Syntax.

8.

Click OK.

9.	If you are reporting on shares, click Shares.

10.	Select one of the following share selection options:

Option	description
All Shares	Searches for all shares.
Search	Filter the search using regular expressions. For example, you can enter ^ followed by the text you want to search on. The carrot symbol (^) is a regular expression that is interpreted as "Only look for shares that have names that begin with" followed by the text to search for. For example, if you entered ^sales, the search would return all shares whose name begins with "sales". For more information on regular expressions, see Basic Regular Expression Syntax.

Using regular expressions allows you to narrow the focus of the search, making it much more efficient.

11.	Select one of the following share and folder reporting options, then click OK:

Option	description
Retrieve Share ACL	Reports on permissions applied to the shares. This option is selected by default.
Retrieve Folder ACL	Reports on the folder permissions on each share. You can enter the level of recursion or report on all levels.
Recurse Folders	Determines the level of subfolders to report on. Note: This option only becomes available when the "Retrieve Folder ACL" option is selected.
Subfolder Filter	Applies a regular expression filter to the names of the subfolders of the selected path. For more information on regular expressions, see Basic Regular Expression Syntax.

While still in the Object Picker, you can change selected share and folder reporting options for shares you have added. Right-click the share in question, and select Options.

12.	Click OK to return to the Run Report dialog box.

13.	Click the Attributes tab if you want to add, remove, or link the attributes being reported on.

For more information, see Linking Attributes.

14.	Click the Filter tab if you want to filter the data being collected.

For more information, see Applying Filters to Attributes.

15.	Click the Grouping tab if you want to specify a grouping and sorting order for the report.

For more information, see Grouping and Sorting Attributes.

16.	Click the Collection tab to select collection options.

For more information, see Using Different Collection Modes.

17.	Click the Output tab to select output options.

For more information, see Viewing and Saving Reports.

18.	Click OK to generate the report.