File Permission Management Software

Posted on 2008-06-17
Last Modified: 2012-05-05
We've been searching for software that will help us manage our file/folder permissions with Active Directory users/groups.

We've seen a demo by Varonis DatAdvantage and it's very impressive.  The price tag is not:  $70,000 initial fee, then $14,000 after that per year.  We have ~650 users.

Are there any competitors or software similar to this?
Question by: trippleO7
LVL 31

Expert Comment

by:Henrik Johansson
ID: 21806793
You can do it with built-in functionality in Active Directory by creating GPOs and setting the necessary permissions in Computer Configuration\Windows Settings\Security Settings\File System
Right-click and choose Add File
Browse to the folder for existing paths on the current computer or add a manual path in the input field for paths that don't need to exist.
Click OK and choose the necessary permissions.

Link the GPO to an OU with computer objects.

Author Comment

ID: 21807003
Thanks for the reply.  We're looking more towards software that would allow us to basically click on a file, see the permissions (similar to what's built-in to a Windows OS), and then go a step further to be able to click on a user or group to be able to see what folders they have permission to and what level of permission.  Then to be able to make changes on the fly as needed.

It would serve as an Auditing and Security compliance, as well as permission management.  I hope that explains it in better detail.

An example would be:  The head of HR comes down and requests to see if a certain person has access to a particular folder, or to see everything this person has access to, on the network.  It's proving to be difficult for us (IT Dept) to gather that information.

Another example would be:  One person leaves the company and a replacement is hired.  We are given the task of granting this new person access to everything the previous employee had access to.  It seems nearly impossible to complete this type of request.

LVL 31

Accepted Solution

Henrik Johansson earned 125 total points
ID: 21807163
Yes, reporting is always an issue...
Take a look at Hyena, which may do what you want.

When replacing a user to give the new user the same permissions, just rename him to keep the SID or always use groups when setting permissions. Setting permissions directly to a user will be easy for the moment, but will be a real pain in the future when needing to clean up and remove permissions.

LVL 58

Expert Comment

ID: 21807290
Hyena will do the job of showing you what resources, files and folders a user has access to on the network, and it's not as expensive.

>> "We are given the task of granting this new person access to everything the previous employee had access to"
It would be a lot better if you created groups to do this sort of thing. You would assign all of your common permissions say for a particular department to one security group, then just make users a member of that group and use the GROUP on the NTFS security over the folders. Doing this means you keep things tidy by not defining individual user accounts on the file system, and for the replacement user, you just need to make them a member of the same groups and all permissions will be inherited down to them.


Author Comment

ID: 21807355
Thanks.  I didn't know Hyena had this capability.  We actually own a license of it so I will be checking it out.  I'm able to see which users/groups have permissions to a particular folder, but not the opposite.  I'll have to look at how to do this.

The group thing is what got us started looking at a solution like this.  We have too many folders with individual user accounts and we have a security overhaul starting in the next few months.
LVL 58

Expert Comment

ID: 21807374
>>> "a security overhaul starting in the next few months."
It will be for the better, I can guarantee!

Good luck with Hyena, please post back how you get on.

Author Closing Comment

ID: 31468093
I haven't figured out how to check a user/group within Hyena to verify which shares it has access to, but I have an open question on the Hyena Forums about it.  I will post back what I find out.  
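
The reverse lookup the thread keeps coming back to (given an account, which folders carry an ACE that applies to it, and whether that ACE names the user directly or a group) can be scripted with built-in cmdlets. This is an added example, not part of the original thread and not Hyena's or Varonis' method; the function name, the share `\\fileserver\dept` and the account `jdoe` are hypothetical placeholders, and it assumes the ActiveDirectory RSAT module is installed.

```powershell
#Requires -Modules ActiveDirectory

function Get-AccountFolderAccess {
    param(
        [Parameter(Mandatory)] [string] $Root,
        [Parameter(Mandatory)] [string] $SamAccountName,
        [switch] $IncludeInherited   # default: explicit ACEs only, i.e. where access is actually set
    )
    $sidType = [System.Security.Principal.SecurityIdentifier]

    # tokenGroups: SIDs of all AD security groups the account is in, nested ones included.
    $user = Get-ADUser -Identity $SamAccountName -Properties tokenGroups
    $sids = @{}
    $sids[$user.SID.Value] = 'Direct'
    foreach ($g in $user.tokenGroups) { $sids[$g.Value] = 'Group' }
    # Everyone and Authenticated Users are not in tokenGroups but apply to any domain user.
    $sids['S-1-1-0']  = 'Group'
    $sids['S-1-5-11'] = 'Group'

    $folders = @(Get-Item -LiteralPath $Root) +
               @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -ErrorAction SilentlyContinue)

    foreach ($folder in $folders) {
        try   { $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop }
        catch { Write-Warning "Cannot read ACL: $($folder.FullName)"; continue }

        # Request rules keyed by SID so matching does not depend on name resolution.
        foreach ($ace in $acl.GetAccessRules($true, $IncludeInherited.IsPresent, $sidType)) {
            $sid = $ace.IdentityReference.Value
            if (-not $sids.ContainsKey($sid)) { continue }
            try   { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $name = $sid }
            [pscustomobject]@{
                Path      = $folder.FullName
                Via       = $name
                Assigned  = $sids[$sid]   # 'Direct' = the ACE names the user account itself
                Type      = $ace.AccessControlType
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Placeholder share and account name; replace with real values.
$report = Get-AccountFolderAccess -Root '\\fileserver\dept' -SamAccountName 'jdoe'
$report | Sort-Object Path | Format-Table -AutoSize
# ACEs set on the user account rather than a group: the cleanup list for a permissions overhaul.
$report | Where-Object Assigned -eq 'Direct'
```

The report covers NTFS ACEs only: share-level permissions and groups local to the file server are not evaluated, and Deny entries appear in the `Type` column rather than being subtracted from the Allow entries.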


Question has a verified solution.
