Inventory Permissions

    A permission analysis requires that the NTFS permissions to the directories have been stored in the database. For this purpose, you can use a wizard or the Docusnap server.

    The NTFS Permissions Analysis wizard can be started from the IT Security ribbon.


    Company Selection

    Unlike a network scan, a NTFS permissions scan does not allow you to create a new company. You need to select an existing company. A Windows, CIFS or DFS inventory scan must already have been performed for this company. Otherwise, it will not be possible to retrieve the permissions.



    Please note that only existing domains in a company may be selected for authentication. After you have selected the domain, Docusnap will display the user name and password that were used for creating the network inventory. If desired, you can also enter the credentials of another user. Aside from this, you can also use the name and password of the currently logged-on user to perform the inventory scan. In this case, only select the domain and leave the User Name and Password fields blank. Afterwards, click the Check Credentials button to check if the user is a member of the domain and if the proper password has been entered. After successful authentication, the Next button will be enabled.



    All Windows systems that have been scanned will be displayed on the Systems wizard step. In addition, it lists all drives on the corresponding systems. Alternatively, the individual shares of a system can be listed by checking the checkbox Use Shares for Windows Systems.

    Use the checkbox next to each system to indicate whether the permissions for that system are to be scanned or not. If a system has multiple drives, a separate system entry will be listed for each drive. If the checkbox Use Shares for Windows Systems is checked, then all the shares of a system are available for selection. Thus, the scope of the permission scan can be selected individually for every system. Using a Filter, you can filter the systems list for individual values, for example, names or types of systems.

    For systems based on the SMB or CIFS protocol, such as NetApp Filer or Samba Server, the available shares rather than the local drives will be displayed for selection on the those systems.

    Likewise for DFS systems, all existing shares will be available for selection.

    • Scan Folder Size: If the checkbox Scan Folder Size is selected, the folder size is inventoried for each folder. Otherwise, each folder will be displayed with the size 0. To determine the folder size for large folders can prolong the duration of the inventory.

    • Limit Folder Levels: The Limit Folder Levels option allows you to specify up to how many levels the folders should be scanned. This can be helpful, for example, if the permissions are only inherited after a certain level.

    • Scheduled NTFS analyses: To consider drives or shares that have not yet existed during scheduling of the inventory (Docusnap Server or Docusnap Discovery Service), the checkbox For scheduled NTFS analyses: Automatically inventory permissions of new drives/shares from already selected systems can be activated. With this option, for systems where drives or shares have already been selected, additional drives or shares are searched for during the inventory and these are inventoried as well. If drives or shares are excluded from the list, they will still not be inventoried. If a filter is entered in the Drive column, newly found drives or shares are only inventoried if they match the filter.

    If you wish to exclude a directory from the inventory scan, you can specify this exclusion in the NTFS Filter dialog. When you add a directory to this list, all its subdirectories will be excluded from the analysis as well. For example, this is helpful for user profiles or temporary Internet directories.

    NTFS inventory ignores junction points.


    Summary Page

    All systems and drives to be inventoried will be listed on the Summary page.


    By using the scheduling feature, you can specify a later time for the automatic start of the permission scan. In the scheduling window, you can indicate whether the scan should be performed only once or repeatedly.

    In order to use this feature, the Docusnap Server component must be configured on a system in the network.


    After the process has started, this page will display the progress of the inventory scan. If you wish to abort the inventory process, click the Cancel button. The NTFS permissions of all scanned systems with the Completed status will be written to the database. Permissions for systems where the scan process has not yet been completed will not be saved.

    Summary Page

    The Report page displays how many systems have been successfully inventoried. To exit the wizard, click the Close button.