+49 30 3642803 0 | info@permsecure.com​

permSECURE - permSUITE

permSUITE

permSUITE is a collection of useful tools to perform various activities on file shares. The components of permSUITE are designed to conceptualize, prepare and execute a fast and clear file server optimization. For this purpose, permSUITE includes three essential modules to provide different customization paths. With the different modules one is enabled to read out permissions of folder structures, to set new permissions or to remove old permissions from the folders.

permREADER

The permREADER is used for reading the permissions of inventory shares. Starting from a fileshare, the permREADER reads all folders and their permissions recursively and writes this information to a  .csv file. Within the file you can analyze the individual permissions and the detailed information (inheritance, propagation …).

The permREADER works quite simple. It is a portable app that can be easily run on a server or client with administrative permissions. Then a console window opens where a UNC share has to be entered. Subsequently, permREADER scans the folder structures and their permissions and outputs them in a .csv file.

Usually the scan of a file share is also the starting point for a file server optimization. Based on the scanned permissions, the .csv file can be adapted to your own needs and the permissions can then be rolled out with the permWRITER.

permWRITER

With permWRITER, permissions can be reassigned to file shares based on a .csv file according to common Microsoft best practices.

In a .csv file, one defines the individual folders and the permissions required on them for individual user or group objects (e.g. folder “\Server\Share\Departments\Purchasing” should receive a “Change” permission for the AD group “Purchasing”).

The permWRITER would then create the required permission group in the Active Directory, as well as the necessary list permissions (these ensure that the members of the AD group “Purchasing” from the previous example are able to navigate to the folder “Purchasing”), nest the correct members in the created groups and write the permission groups to the folder in the ACL.

The permWRITER comes with the following features:

  • Creation of the required Active Directory groups

  • Creation of permissions according to Microsoft best practices

  • Creation of list permissions on the first three folder levels (for lower permissions, the permission group continues to be used as a list permission so as not to unnecessarily affect the Kerberos token)

  • free definition of the group name scheme

  • free definition of the group type (global, domain local, universal)

The permWRITER supports different customization paths. The preferred path is usually always the cleanup for a new, empty target share. This has the advantage that granting permissions is much faster.

The application is also able to add new permissions to existing shares. However, the old permissions on the inventory share must be cleaned up afterwards using permREMOVER.

The permissions created with permWRITER are 100% compatible with tenfold and can be used immediately!

permREMOVER

If you have decided to transfer to a new, empty target share and want to change your permissions on the folders only according to Microsoft best practices, you must remove the old permissions after assigning the new permissions.

The permREMOVER is used to remove permissions on shares. To do this, you only have to tell permREMOVER a UNC share, which it then recursively checks for explicitly set permissions and removes them. Thereby a whitelist is considered, over which one can control, which of the permissions on the folders remain.

The permREMOVER has the following features:

  • Withdrawal of explicit permissions on a fileshare

  • Whitelist for accounts that should not be removed

Would you like to learn more about our application or do you need support for your file server optimization? Feel free to contact us and make an appointment!

Functions - Overview

Microsoft Best Practice
Permission Assignment

Assign your NTFS permissions according to Microsoft best practice.

Support and Creation of List Permissions

Fully automatic creation of list permissions for permissions lower than folder level 1.

Read out all NTFS Permissions
from File Shares

Read all your NTFS permissions of your file shares and output them to a .csv file.

Removing obsolete Permissions
on File Shares

Remove permissions on your file shares that are no longer needed.

Why permSUITE?

More Transparency

Visualize your NTFS permissions and see at a glance where optimization potentials lurk.

More
Transparency

Visualize your NTFS permissions and see at a glance where optimization potentials lurk.

More
Transparency

Visualize your NTFS permissions and see at a glance where optimization potentials lurk.

Prepare your new permissions and have the new permission groups automatically created in Active Dirtectory and written to the ACLs.

More Efficiency

Prepare your new permissions and have the new permission groups automatically created in Active Dirtectory and written to the ACLs.

More
Efficiency

More
Efficiency

Prepare your new permissions and have the new permission groups automatically created in Active Dirtectory and written to the ACLs.

More Protection

Protect yourself from unwanted access and increase your security by cleaning up your NTFS permissions.

More
Protection

Protect yourself from unwanted access and increase your security by cleaning up your NTFS permissions.

More
Protection

Protect yourself from unwanted access and increase your security by cleaning up your NTFS permissions.

The newly created NTFS permissions are 100% compatible with tenfold and can be transferred to it and further managed at the push of a button.

More Control

The newly created NTFS permissions are 100% compatible with tenfold and can be transferred to it and further managed at the push of a button.

More
Control

More
Control

The newly created NTFS permissions are 100% compatible with tenfold and can be transferred to it and further managed at the push of a button.