Cleaning up AD permissions is a big task for most organizations when it comes to security, and Netwrix Auditor already provides a lot of insightful information such as empty security groups or users with excessive access rights.
Is there a way with Netwrix Auditor to locate groups in AD that are not used for permissions on the file server and therefore could be deleted if their only purpose is to control access to the file server? It would be a two-step process: 1) list all groups used to set permissions on the file server; 2) list all AD groups and exclude the ones present in the first list.
Netwrix Auditor is great for tracking changes, but its state-in-time features—like viewing permissions—could be improved to help companies optimize them more easily.
For example, the “Excessive Access Permissions” report shows users, but not the groups. Since most companies manage permissions through groups, it would be more helpful if the report listed groups instead of just individual users.
Thanks for the question. Netwrix Auditor does have the ability to be able to tell you about Empty Security Groups but not groups that are not being used for File Server permissions. We do have a module called Access Reviews which can review the membership of your AD groups as well as the membership of File Servers and allow others to sign off on those but it also wouldn't be able to tell you if a group was not being used for File Server permissions.
I would recommend leaving a Feature Request on our new Ideas Portal for Auditor. I'll include the link below. This would require us having to take data from File Server plans and combine them with data from Active Directory plans but it does sound like a feature that could be useful.
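
The two-step comparison described in the question, as an added example that is not part of this thread and not a Netwrix Auditor feature. It assumes the file server ACL entries and the AD groups have already been exported to CSV (the column names and all sample rows are constructed), and it goes one step beyond the plain exclusion by keeping groups that reach an ACL only through nesting.

```python
import csv
import io

# Constructed sample exports, not real data.
# ACL_CSV: one row per access control entry found on the file server.
ACL_CSV = r"""path,identity
\\fs01\finance,CORP\FS-Finance-RW
\\fs01\finance,CORP\alice
\\fs01\hr,CORP\FS-HR-RO
"""
# GROUPS_CSV: one row per AD group; member_of lists direct parents, ';'-separated.
GROUPS_CSV = """name,member_of
FS-Finance-RW,
FS-HR-RO,
Finance-Staff,FS-Finance-RW
Finance-Interns,Finance-Staff
FS-Legacy-Scans,
Old-Project-X,FS-Legacy-Scans
"""

def groups_on_acls(acl_csv):
    """Step 1: names (domain prefix stripped) of identities present on ACLs."""
    rows = csv.DictReader(io.StringIO(acl_csv))
    return {row["identity"].split("\\")[-1].lower() for row in rows}

def load_groups(groups_csv):
    """Map each AD group name to the set of groups it is a direct member of."""
    groups = {}
    for row in csv.DictReader(io.StringIO(groups_csv)):
        parents = {p.lower() for p in row["member_of"].split(";") if p}
        groups[row["name"].lower()] = parents
    return groups

def grants_access(group, groups, used, seen=None):
    """True if the group, or any group it is nested in, appears on an ACL."""
    seen = set() if seen is None else seen
    if group in used:
        return True
    if group in seen:  # already explored, or circular nesting
        return False
    seen.add(group)
    return any(grants_access(p, groups, used, seen) for p in groups.get(group, ()))

def unused_groups(acl_csv, groups_csv):
    """Step 2: AD groups that grant no file server access, directly or nested."""
    used = groups_on_acls(acl_csv)
    groups = load_groups(groups_csv)
    return sorted(g for g in groups if not grants_access(g, groups, used))
```

A plain set difference on the sample data would also flag `Finance-Staff` and `Finance-Interns`, which still grant access through `FS-Finance-RW`. The result is a list of candidates only, since the export covers one file server and says nothing about other systems that reference the same groups.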