Walk any directory tree, report full NTFS permissions at every level — explicit, inherited, effective. Flag world-readable shares, Everyone with write, broken inheritance, and orphaned SIDs. Hand the report to your auditor.
Unreadable, not audit-ready, and your compliance team has no idea what they're looking at.
$5K+ per year for agent-based tools with complex deployments. You don't need continuous monitoring. You need a quarterly audit report.
They dump raw ACLs and call it done. You still have to manually sift through thousands of entries to find the ones that are actually dangerous.
Compliance auditors ask "who has access to what?" and you need a formatted, timestamped answer — not a screenshot of folder properties.
Everyone or Authenticated Users has FullControl or Write access to a directory.
Inheritance broken without clear justification. Orphaned SIDs (deleted accounts with ACEs remaining).
Domain Users has modify rights to sensitive paths. SYSTEM with explicit FullControl on user data.
Permission depth exceeds 5 levels of explicit overrides. Complex but not necessarily dangerous.
Trial scans up to 100 paths. Pro scans everything with full risk flagging.