What is permSUITE?
The permSUITE is a collection of useful tools that can be used to perform various activities on fileshares. The components of permSUITE have been developed to conceptualize, prepare and execute a fast and clear file server optimization. For this purpose, permSUITE includes three essential modules to provide different migration paths. The different modules enables one to read out permissions from folder structures, to set new permissions or to remove old permissions from the folders.
The permREADER is used for reading the permissions of inventory shares. Starting from a fileshare, the permREADER reads all folders and their permissions recursively and writes this information to a .csv file. Within the file one can analyze the individual permissions and the detailed information (inheritance, propagation …).
The permREADER works quite simple. It is a portable app that can be easily run on a server or client with administrative permissions. Then a console window opens, in which a UNC share must be entered. Afterwards, permREADER scans the folder structures and their permissions and outputs them in a .csv file.
Usually, the scan of a file share is also the starting point for a migration. Based on the scanned permissions, the .csv file can be adapted to your own requirements and the permissions can then be rolled out with the permWRITER.
With permWRITER permissions can be reassigned to fileshares based on a .csv file according to common Microsoft Best Practices.
In a .csv file, one defines the individual folders and the permissions required on them for individual user or group objects (e.g. folder “\Server\Share\Departments\Purchasing” should receive a “Change” permission for the AD group “Purchasing”).
The permWRITER would then create the required permission group in the Active Directory, as well as the necessary list permissions (these ensure that the members of the AD group “Purchasing” from the previous example are able to navigate to the folder “Purchasing”), nest the correct members in the created groups and write the permission groups to the folder in the ACL.
The permWRITER comes with the following features:
Creation of the required Active Directory groups
Creation of permissions according to Mircosoft Best Practices
Creation of list permissions on the first three folder levels (for lower permissions, the permission group continues to be used as a list permission so as not to unnecessarily affect the Kerberos token)
Free definition of the group name scheme
Free definition of the group type (global, domain local, universal)
The permWRITER supports different adjustment paths. The preferred path is usually always the transfer to a new, empty target share. This has the advantage that the permissions are assigned much faster.
The application is also able to assign new permissions additively to existing shares. However, the old permissions on the inventory share must be cleaned up afterwards using permREMOVER.
The permissions created with permWRITER are 100% compatible with tenfold and can be used immediately!
If you have decided to transfer to a new, empty target share and want to change your permissions on the folders only according to Microsoft Best Practices, you must remove the old permissions after assigning the new permissions.
The permREMOVER is used to remove permissions on shares. To do this, you only have to tell permREMOVER a UNC share, which it then recursively checks for explicitly set permissions and removes them. Thereby a whitelist is considered, over which one can control, which of the permissions on the folders remain.
The permREMOVER has the following features:
Revocation of explicit permissions on a fileshare
Whitelist for accounts that should not be removed
Would you like to learn more about our application or do you need support for your file server optimization? Feel free to contact us and arrange an appointment!
permSUITE Functions - Overview
Visualize your NTFS permissions and see at a glance where optimization potential lurks.
Prepare your new permissions and have the new permission groups automatically created in the Active Dirtectory and written to the ACLs.
Protect yourself from unwanted access and increase your security by cleaning up your NTFS permissions.
The newly created NTFS permissions are 100% compatible with tenfold and can be transferred and further managed in it at the push of a button.