+49 30 3642803 0 | info@permsecure.com
permSUITE – Optimize your file server permissions
permSUITE enables fast and easy file server optimization from conception to preparation and implementation. The three essential modules – permREADER, permWRITER, permREMOVER – make it possible to execute this essential part of fileserver optimization and to read out and reset permissions of folder structures or to remove old permissions from folders.
Request a free demo session with our experts!
permSUITE functions
Read permissions from folder structures
Read all NTFS permissions of your file shares and output them directly to a .csv file to quickly get an overview of the current status of access permissions.
Assign permissions
You can assign list permissions for permissions lower than folder level 1 fully automatically. With permSUITE you can easily assign your NTFS permissions according to Microsoft Best Practice.
Obsolete Remove obsolete permissionsentfernen
Remove permissions that are no longer required on your file shares.
Get the Whitepaper!
Deepen your knowledge with our Whitepaper on NTFS Best Practices.
Why permSUITE?
Uncover optimization potential
Visualize your NTFS permissions and see at a glance where there is potential for optimization.
Increased efficiency through automation
Prepare your new authorizations and have the new authorization groups automatically created in the Active Directory and written to the ACLs.
Enhanced protection
Protect yourself against unwanted access and increase your security by cleaning up your NTFS permissions.
Get support with your file server optimization now!
Technical details of permSUITE
permREADER
permREADER is a simple portable app for reading the permissions of file shares. Usually, the scan of a file share is also the starting point for file server optimization.
Starting from a file share, permREADER reads all folders and their permissions recursively and writes this information to a .csv file. Within the file you can analyze the individual permissions and the detailed information (inheritance, propagation …).
The app can simply be executed on a server or client with administrative authorizations, after which a console window opens, in which a UNC share must be entered. The permREADER then scans the folder structures and their permissions and outputs them in a .csv file. Based on the scanned permissions, you can adapt the .csv file to your own requirements and then roll out the permissions using permWRITER.
permWRITER
permWRITER can be used to reassign permissions to file shares in accordance with current Microsoft best practices.
In a .csv file, you define the individual folders and the required permissions for individual user or group objects (e.g. folder “\\Server\Share\Departments\Purchasing” should receive a “Change” permission for the AD group “Purchasing”). The permWRITER then creates the required authorization group as well as the necessary list authorizations (these ensure that the members of the AD group “Purchasing” from the previous example are able to navigate to the folder “Purchasing”) in the Active Directory, nests the correct members in the created groups and writes the authorization groups to the folder in the ACL.
These features are inclued in permWRITER:
- Creation of the required Active Directory groups
- Creation of authorizations according to Microsoft best practices
- Creation of list authorizations on the first three folder levels (for deeper authorizations, the authorization group continues to be used as a list authorization so as not to affect the Kerberos token unnecessarily)
- Free definition of the group name scheme
- Free definition of the group type (global, domain local, universal)
The permWRITER supports various customization paths. The preferred path is usually the cleanup for a new, empty target share. This has the advantage that assigning authorizations is much faster. The application is also able to add new authorizations to existing shares. However, the old authorizations on the existing share must then be cleaned up using permREMOVER.Die mit dem permWRITER erstellten Berechtigungen sind zu 100% kompatibel mit tenfold und können sofort darin übernommen werden.
The permissions created with permWRITER are 100% compatible with tenfold and can be used immediately.
permREMOVER
With permREMOVER, the old authorizations can be removed after new authorizations have been assigned.
If you have decided against transferring your data to a new, empty target share and only want to change your permissions on the folders in accordance with Microsoft best practices, the old permissions must be removed after the new permissions have been assigned.
To do this, you only need to inform permREMOVER of a UNC share, which it then checks recursively for explicitly set permissions and removes them. A whitelist is taken into account, which you can use to control which of the permissions on the folders are retained.
These features are inclued in permREMOVER:
- Revocation of explicit permissions on a fileshare
- Whitelist for accounts that should not be removed
Get in touch with us
Do you have any questions about our products or services? Do you need support?
We will be happy to help you!
More information on the topic
-
Windows File Shares Configuration – Best Practice
In order to exchange data in companies, various file shares are repeatedly created by IT and published for the users. In the following article, we explain how to create file shares, provide information on the special features that need to be taken into account,…
-
Dark Data – About the Data Load and how to face it
In our customer projects, we repeatedly experience a wide variety of file storage structures. But there is always one common denominator: a very high proportion of legacy data. Data is constantly captured, stored and therefore filed. After some time, nobody thinks about the data…
-
Share Permissions vs. NTFS Permissions – Differences at a Glance
If a company wants to share local resources such as files and folders, it must be possible to control access permissions efficiently and easily. To protect against unwanted access to company data, there are two ways to manage permissions:Share permissions and NTFS permissions. Both are intended…
permSECURE GmbH
Storkower Straße 115 A
10407 Berlin
Germany
Contact
+49 30 3642803 0
info@permsecure.com
MO-FR 08:00–17:00
© 2024 permSECURE GmbH | All rights reserved | Website by .kloos