Analyze and compare NTFS permissions

by Stefan Kowski

An important task of security officers is to carry out random inspections to see whether folder permission changes have been made that do not comply with the documented standard procedure. When dealing with data access problems, it is also very practical to be able to determine quickly whether problematic changes have been made to the rights on a given folder.

It’s done like this: Carry out regular folder permission analyses with the Parks Authorization Manager (PAM) and store the results in text files.

Export with Parks Authorization Manager

The scan result window must be active in order to do an export. The export is started via the menu File > Export > Scan result....

To find changes in permissions you can now just compare the exported files with a text comparison tool (diff). A good and free tool to use is WinMerge.

Open the old file in WinMerge on the left side, the newer one on the right. WinMerge then displays the files beside one another and marks any changes in a different colour.

The figure shows two exported analysis results in a WinMerge comparison. The areas marked in yellow show the differences between the two text files.

You can see from our example that one permission (Modify) for one user no longer exists in the current analysis (left side, lower yellow bar). In addition, two new permissions (Full) for two users have been found in the current analysis (right side, upper yellow bars). There are no permission changes in the white area.
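For regular inspections the same comparison can be scripted. The following is an added example, not part of the original article or of PAM: it compares two exports line by line while ignoring line order, so a re-sorted export is not reported as a change. The function names and the sample lines are assumptions; the `folder | account | right` layout is constructed for illustration and is not the real export format.

```python
from collections import Counter


def load_entries(text):
    """Return a multiset of non-empty export lines, ignoring surrounding whitespace."""
    return Counter(line.strip() for line in text.splitlines() if line.strip())


def compare_exports(old_text, new_text):
    """Compare two exported scan results line by line, ignoring line order.

    Returns (removed, added): lines found only in the old export and lines
    found only in the new export, each sorted for stable output.
    """
    old, new = load_entries(old_text), load_entries(new_text)
    removed = sorted((old - new).elements())
    added = sorted((new - old).elements())
    return removed, added


# Constructed sample data. The "folder | account | right" layout is an
# assumption for illustration, not the real export format.
OLD_EXPORT = r"""
D:\Data\Projects | CORP\alice | Modify
D:\Data\Projects | CORP\Admins | Full
D:\Data\HR | CORP\hr-team | Modify
"""

NEW_EXPORT = r"""
D:\Data\HR | CORP\hr-team | Modify
D:\Data\Projects | CORP\Admins | Full
D:\Data\Projects | CORP\bob | Full
D:\Data\Projects | CORP\carol | Full
"""

if __name__ == "__main__":
    removed, added = compare_exports(OLD_EXPORT, NEW_EXPORT)
    for line in removed:
        print("- " + line)  # permission present only in the old export
    for line in added:
        print("+ " + line)  # permission present only in the new export
```

As in the WinMerge example, the sample data yields one removed Modify permission and two new Full permissions; an empty result for both lists means no permission changes between the two scans.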
