Using Quick Analyses
3 minute read
Quick Analyses: Find Critical Permissions with One Click
Docusnap365 offers a range of predefined quick analyses in the analysis section that specifically check for security-critical patterns in your NTFS structure. These analyses provide immediately actionable insights without requiring you to set manual filters.
Advantage: You get fast answers to key security questions – ideal for audits, permission reviews, or cleanup initiatives.
How to Access Quick Analyses
In the left navigation area of an open analysis, you’ll find the Quick Analyses section. Clicking on one of the available analyses automatically filters all relevant directories or principals – including detailed permission views.
Screenshot: Quick Analyses in the Analysis Section
Overview of Quick Analyses
Inheritance Disabled
Shows all directories where NTFS permission inheritance is disabled. This is often a sign of exceptions or manual changes – for example, in confidential areas.
Relevance: Interrupting inheritance often leads to hard-to-trace permissions.
Explicit Permissions
Lists all objects with directly assigned permissions (not inherited). Especially useful to identify deviations from standard permissions – such as manual shares granted by the helpdesk or admins.
Typical use case: Review of exceptions in the permission model.
Disabled User Accounts
This analysis shows all user accounts that have been disabled but still have permissions. A frequent audit finding – especially after employee exits or restructuring.
Tip: These accounts should be regularly cleaned up.
Permissions from Foreign Domains
Displays principals that do not originate from your own domain – e.g., from partner, test, or migration environments. Such foreign objects are often difficult to trace or no longer valid.
Warning: Foreign domain access often poses high security risks.
Unresolvable SIDs
When a user account or group can no longer be resolved, only the numeric SID remains visible. This typically happens when:
- an account was deleted
- the domain is no longer reachable
- the entry is a historical remnant
Recommendation: Document unresolvable SIDs and assess whether cleanup is advisable.
Authorized Security Principals
Displays a complete list of all users and groups that have access to analyzed resources – including local groups and AD principals. Ideal for a principal-centric overview.
Benefit: A solid basis to trace user rights or check for unwanted group memberships.
Summary: Value of Quick Analyses
| Analysis | Insight Provided | Typical Use Case |
|---|---|---|
| Inheritance Disabled | Special rights or manual exceptions | Check for deviations from the standard model |
| Explicit Permissions | Directly assigned special permissions | Helpdesk actions, project rights |
| Disabled Accounts | Former users with remaining access | Audit, recertification |
| Foreign Domains | Permissions from untrusted sources | Security, consolidation |
| Unresolvable SIDs | Unknown or orphaned access rights | Cleanup, data migration |
| Security Principals | Overview of all authorized entities | Permission review, information requests |