File Server Scanning Overview
Access Analyzer scans file servers over SMB to map share permissions, folder-level ACLs, and file ownership across your environment. It can also scan file contents to locate sensitive data and, if activity monitoring is configured, track file access events over time. Reports surface open access, broken inheritance, direct user permissions, and sensitive data exposure — giving security and compliance teams the visibility they need to reduce unnecessary access and meet data protection requirements.
Supported platforms
Access Analyzer scans any SMB-compatible file server. For platform-specific requirements, see the connector page for your environment:
- CIFS / SMB File Share — Windows file servers and Samba
- NetApp ONTAP
- Dell Isilon / PowerScale
- Dell Unity
- Dell EMC VNX
- Dell EMC Celerra
Prerequisites
Before setting up a file server source group, confirm that your environment meets the requirements below. The source group wizard connects to your file servers over SMB, so the Access Analyzer server must be able to reach them on the network and a service account must be available with read access to the shares you want to scan.
Service account
Access Analyzer uses a service account with a username and password to authenticate against your file servers over SMB and enumerate shares, permissions, and file contents. The account needs read access to the shares and permission to read object security descriptors.
See Username and Password to create the service account and CIFS / SMB File Share for the full permission requirements.
Network requirements
| Port | Protocol | Destination |
|---|---|---|
| 445 | TCP | File servers in the source group |
Before you begin
- The hostname or IP address of each file server you plan to add.
- A Username and Password service account created in Access Analyzer with read access to the target file servers.
- Confirmed network connectivity from the Access Analyzer server to port 445 on each file server.
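The following is an added example, not part of the Netwrix documentation: a Python preflight, run from the Access Analyzer server, that checks the TCP 445 requirement for every file server you plan to add and separates DNS failures, rejected connections, and silently dropped traffic. The host names are constructed placeholders, and the function names and status labels are this example's own.

```python
"""Preflight: confirm TCP 445 is reachable on each planned file server."""
import socket
from concurrent.futures import ThreadPoolExecutor

SMB_PORT = 445  # the only port listed under "Network requirements"


def check_host(host, port=SMB_PORT, timeout=3.0):
    """Return (host, status, detail).

    status is one of: open, refused, filtered, dns_error, error.
    """
    try:
        # Resolve first so a bad hostname is reported separately from a blocked port.
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return host, "dns_error", str(exc)
    last = ("error", "no usable address")
    for family, socktype, proto, _, addr in infos:
        try:
            with socket.socket(family, socktype, proto) as sock:
                sock.settimeout(timeout)
                sock.connect(addr)
            return host, "open", addr[0]
        except socket.timeout:
            # No answer at all: typically a firewall dropping the traffic.
            last = ("filtered", f"{addr[0]} timed out after {timeout}s")
        except ConnectionRefusedError:
            # The host (or a firewall in the path) actively rejected the connection.
            last = ("refused", addr[0])
        except OSError as exc:
            last = ("error", f"{addr[0]}: {exc.strerror or exc}")
    return (host, *last)


def preflight(hosts, port=SMB_PORT, timeout=3.0):
    """Check all hosts in parallel; return {host: (status, detail)}."""
    with ThreadPoolExecutor(max_workers=16) as pool:
        results = pool.map(lambda h: check_host(h, port, timeout), hosts)
        return {host: (status, detail) for host, status, detail in results}


if __name__ == "__main__":
    # Constructed sample names; replace with the file servers you plan to add.
    planned = ["fs01.example.internal", "fs02.example.internal"]
    for host, (status, detail) in preflight(planned).items():
        print(f"{host:30} {status:10} {detail}")
```

A result of `open` only confirms the network path; the service account's share and security-descriptor read access still has to be verified separately.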
When you add a file server source group, Access Analyzer automatically creates a Local Users and Groups scan for each host. This scan collects local user and group accounts directly from the file server and runs alongside your Access and Sensitive Data scans.
File activity reports — including open, modify, and delete events, and anomaly detection — require a separate Netwrix Activity Monitor deployment. Without Activity Monitor, activity-related reports will show no data. See File Activity Monitoring for details.