Fileshare permissions at a glance
Transparency at any time
Are you wondering what your users can effectively access on your NTFS-secured file servers?
go:Identity shows you fileshare permissions in the context of identities by relating the NTFS permissions to the actual memberships in AD groups.
Display by Identity
- Which shares does the identity have access to?
- What are its rights?
- By which AD group does it have access to?
- About group-in-group?
- Via direct account authorization?
Display by Folder
- Who has access?
- Based on which group?
- Or through direct account authorization?
- With which rights?
Processing
- Read file shares of any depth.
- Start scans on any part of your file server.
- Schedule scanning regularly.
- Use the data in reporting.
Do you know this problem?
You want to know what your users have effective access to on your file servers secured by Active Directory® group permissions.
You know the groups in which your users' accounts are. You can check this in the AD administration. But that says nothing about the actual permissions on the file servers:
-
The actual authorizations are stored in the so-called ACLs (for Access Control List).
-
Permissions can also be assigned directly to users' AD accounts without group permissions being involved.
-
"Groups-in-groups" constructs can give unwanted authorizations that are not immediately visible.
In principle, you can only obtain suitable information on file shares if you link the access control list information to AD users with their accounts, group memberships and personal information.
This is very difficult to do without manual effort or other expensive tools.
This is exactly where go:Identity helps
go:Identity now offers display and analysis functions for fileshare authorization in the context of identities and their authorizations in the Active Directory:
-
For identities, see which effective fileshare access rights they have.
-
See the directories on your file servers and who has which access to them.
-
For example, you can also identify dangerous direct account permissions.
Everything you need for this is already included in the IDM appliance go:Identity. Details on go:Identity can be found here.
Not just another tool that provides you with additional lists, but all information in a central place: in the central authorization view of your identities.
Benefits for You
Answer questions about effective permissions on files in file shares without any effort.
Prove in audits that your authorizations are under control.
Check enforcement of established rules and expose dangerous exceptions.
For sure?
Are authorizations granted in accordance with the rules and can I provide information about the access rights at any time?
For sure!
I can see who has access to every fileshare folder.