Product Review: NETsec Permission Reporter
Product: NETsec Permission Reporter
Product Homepage: click here
Free Trial: click here
Given the ever present threat of security breaches and compliance audits, it is more important than ever for IT pros to know exactly what permissions have been assigned to the resources on their networks. NETsec offers a tool called Permission Reporter that is designed to compile and report security permissions. Curious as to how effective this tool would be, I decided to take a look. This review is based on Permission Reporter version 4.0.5954.21807.
I tend to write a lot of product reviews, and one of the things that I have often found is that enterprise grade products tend to be complicated and time consuming to deploy. I am happy to report that NETsec Permission Reporter was simple to deploy. I downloaded a 90 MB zip file, decompressed the file, and ran Setup. The Setup wizard required me to click Next a few times, but that was it. I didn’t have to provide any information or make any decisions.
After the initial setup process completed, I used the newly created desktop icon to launch Permission Reporter. Upon doing so, I was prompted to provide an account that could be used as a service account. I also had to specify whether I wanted to use a local database (SQL Server Express), or use an external database. Although NETsec makes it very clear that the local database option isn’t appropriate for production environments, I used the local database for testing purposes.
The database installed very quickly, and the software launched into the Global Config Wizard. The software had initially warned me that things might not work correctly if I were to use the built-in administrator account. I tried using this account anyway, because I wanted to see what would happen. I can confirm that the Global Configuration Wizard does not work correctly if you use the Administrator account.
The Global Config Wizard walks you through the initial configuration process. This includes things like entering your company name and providing a copy of your logo. I found the wizard to be very simple to use, and completely intuitive. It took less than five minutes to work through the configuration process.
Using the Software
Once the initial configuration process completes, Permission Reporter launches, and displays the screen shown below. As you can see in the figure, the column on the left lists four basic steps that you must complete in order to use the product.
The interface includes a handy quick start guide.
As you can see in the figure above, Step 1 is to run the Global Config Wizard. Step 2 is to create a new analysis. I have to admit that I expected to be able to click on Step 2 to launch this process, but the software doesn’t work that way. I also did not initially see a toolbar option that corresponded to the second step. After consulting the documentation, I discovered that you have to click on the icon that is associated with Step 2, rather than clicking on the text. I would really like to see NETsec make both the icon and the text clickable.
Incidentally, I found the documentation to be very helpful and easy to follow. NETsec provides a quick start guide that steps you through the entire process. This guide includes lots of screen captures, which also tend to be helpful.
With that said, I decided to have a look at the folder permissions on my local server. When I clicked on the Step 2 icon, Windows launched the Create FileSystem Profile Wizard. As you can see in the figure below, I was prompted to enter the name of the folder to be analyzed, and to choose whether I wanted to analyze files and sub-folders.
I decided to analyze my server’s C: drive.
The next step in the process was to run the report. To do so, I clicked on the icon next to Step 3, and Permission Reporter immediately began compiling statistics, as shown below.
NETsec Permission Reporter began to compile statistics immediately.
When the data compilation process finished, I was able to click on Step 4 to review the data that had been collected. I have to admit that I wasn’t very excited about viewing a list of folder permissions. After all, it is possible to create such a list by using a few lines of PowerShell code. However, Permission Reporter exceeded my expectations. You can see what the report looks like in the figure below.
This is what the finished report looks like.
As you can see in the figure, Permission Reporter takes a hierarchical approach to permission reporting. The column on the left lists profiles. A profile is linked to a set of resources that is to be analyzed. In this case for example, I created a profile called PoseyDemo, and it is designed to report on C:\.
Just to the right of the profile list is a list of individual reports. When you click on a report, the column on the far right displays a folder tree. Clicking on a folder causes the pane at the bottom of the interface to display the permissions for that folder. Incidentally, I absolutely loved how cleanly this information was provided. The permissions were very easy to read and understand.
It is worth noting that the previous screen capture displayed the reporting data from the file system point of view. By clicking on a taskbar icon, it is possible to change the display so that the data is shown from an Active Directory point of view. In other words, you can click on an Active Directory user or group and see which resources the user or group has access to. You can see what this looks like in the figure below.
NETsec Permission Reporter is able to display permission data based on Active Directory users and groups.
In case you are wondering, this data can be exported to either a PDF file or to a CSV file. In doing so, you can create an overview report, or you can base your report on things such as effective permissions or DACL differences. This makes it really easy to track permission changes that occur over time.
Finally, the application includes a built-in scheduler. This scheduler, which you can see below, makes it possible to automate the data collection process.
You can collect permission data on a scheduled basis.
When I write a review for this site, it has become customary to assign the product a numerical star rating ranging from zero to five, with five stars being the highest possible score. After careful consideration, I decided to give Permission Reporter a score of 4.7, which is a Gold Star award.
I was really impressed with how intuitive the software was to install, configure, and use. I also found the product’s documentation to be very well written. Some people might consider the application to be too lightweight, but my assessment is that the software does one thing, and does it well.
My hope is that NETsec will further improve on this already great program by adding permission reporting modules for common business applications, such as Exchange Server. Exchange Server (and many other enterprise applications) uses the concept of Role Based Access Control, and it would be really great to be able to include a list of these permissions alongside the file system permissions.
WindowsNetworking.com Rating 4.7/5