File Permission Management Software

Posted on 2008-06-17
Last Modified: 2012-05-05
We've been searching for software that will help us manage our file/folder permissions with Active Directory users/groups.

We've seen a demo by Varonis DatAdvantage and it's very impressive.  The price tag is not:  $70,000 initial fee, then $14,000 after that per year.  We have ~650 users.

Are there any competitors or software similar to this?
Question by:trippleO7
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
LVL 31

Expert Comment

by:Henrik Johansson
ID: 21806793
You can do it with built/in functionality in Active Directory by creating GPOs and setting the necessary permissions in Computer Configuration\Windows Settings\Security Settings\File System
Right-click and choose Add File
Browse to the folder for existing paths on the current computer or add a manual path in the input field for paths that doesn't nead to exist.
Click ok and choose the necessary permissions..

Link the GPO to an OU with computer objects.

Author Comment

ID: 21807003
Thanks for the reply.  We're looking more towards software that would allow us to basically click on a file, see the permissions (similar to what's built-in to a Windows OS), and then go a step further to be able to click on a user or group to be able to see what folders they have permission to and what level of permission.  Then to be able to make changes on the fly as needed.

It would serve as a Auditing and Security compliance, as well as permission management.  I hope that explains it in better detail.

An example would be:  The head of HR comes down and requests to see if a certain person has access to a particular folder, or to see everything this person has access to, on the network, it's proving to be difficult for us (IT Dept) to gather that information.

Another example would be:  One person leaves the company and a replacement is hired.  We are given the task of granting this new person access to everything the previous employee had access to.  It seems nearly impossible to complete this type of request.

LVL 31

Accepted Solution

Henrik Johansson earned 125 total points
ID: 21807163
Yes, reporting is always an issue...
Take a look on Hyena,, which maybe does what you want.

When replacing a user to give the new user the same permissions, just rename him to keep the SID or always use groups when setting permissions. Setting permissions directly to an user will be easy for the moment, but will be a real pain in the future when neading to clean up and remove permissions.
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

LVL 58

Expert Comment

ID: 21807290
Hyena will do the job of showing you what resources, files and folders a user has access to on the network, and it's not as expensive.

>> "We are given the task of granting this new person access to everything the previous employee had access to"
It would be a lot better if you created groups to do this sort of thing. You would assign all of your common permissions say for a particular department to one security group, then just make users a member of that group and use the GROUP on the NTFS security over the folders. Doing this means you keep things tidy by not defining individual user accounts on the file system, and for the replacement user, you just need to make them a member of the same groups and all permissions will be inherited down to them.


Author Comment

ID: 21807355
Thanks.  I didn't know Hyena had this capability.  We actually own a license of it so I will be checking it out.  I'm able to see which users/groups have permissions to a particular folder, but not the opposite.  I'll have to look at how to do this.

The group thing is what got us started looking at a solution like this.  We have too many folders with individual user accounts and we have a security overhaul starting in the next few months.
LVL 58

Expert Comment

ID: 21807374
>>> "a security overhaul starting in the next few months."
It will be for the better, I can guarantee!

Good luck with Hyena, please post back how you get on.

Author Closing Comment

ID: 31468093
I haven't figured out how to check a user/group within Hyena to verify which shares it has access to, but I have an open question on the Hyena Forums about it.  I will post back what I find out.  

Featured Post

Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question