permSUITE – Optimize your file server permissions

permSUITE enables fast and easy file server optimization from conception to preparation and implementation. The three essential modules – permREADER, permWRITER, permREMOVER – make it possible to execute this essential part of fileserver optimization and to read out and reset permissions of folder structures or to remove old permissions from folders.

Request a free demo session with our experts!

permSUITE functions

Read permissions from folder structures

Read all NTFS permissions of your file shares and output them directly to a .csv file to quickly get an overview of the current status of access permissions.

Assign permissions

You can assign list permissions for permissions lower than folder level 1 fully automatically. With permSUITE you can easily assign your NTFS permissions according to Microsoft Best Practice.

Obsolete Remove obsolete permissionsentfernen

Remove permissions that are no longer required on your file shares.

Why permSUITE?

Uncover optimization potential

Visualize your NTFS permissions and see at a glance where there is potential for optimization.

Increased efficiency through automation

Prepare your new authorizations and have the new authorization groups automatically created in the Active Directory and written to the ACLs.

Enhanced protection

Protect yourself against unwanted access and increase your security by cleaning up your NTFS permissions.

Get support with your file server optimization now!

Technical details of permSUITE

permREADER

permREADER is a simple portable app for reading the permissions of file shares. Usually, the scan of a file share is also the starting point for file server optimization.

Starting from a file share, permREADER reads all folders and their permissions recursively and writes this information to a .csv file. Within the file you can analyze the individual permissions and the detailed information (inheritance, propagation …).

The app can simply be executed on a server or client with administrative authorizations, after which a console window opens,  in which a UNC share must be entered. The permREADER then scans the folder structures and their permissions and outputs them in a .csv file. Based on the scanned permissions, you can adapt the .csv file to your own requirements and then roll out the permissions using permWRITER.

permWRITER

permWRITER can be used to reassign permissions to file shares in accordance with current Microsoft best practices.

In a .csv file, you define the individual folders and the required permissions for individual user or group objects (e.g. folder “\\Server\Share\Departments\Purchasing” should receive a “Change” permission for the AD group “Purchasing”). The permWRITER then creates the required authorization group as well as the necessary list authorizations (these ensure that the members of the AD group “Purchasing” from the previous example are able to navigate to the folder “Purchasing”) in the Active Directory, nests the correct members in the created groups and writes the authorization groups to the folder in the ACL.

These features are inclued in permWRITER:

  • Creation of the required Active Directory groups
  • Creation of authorizations according to Microsoft best practices
  • Creation of list authorizations on the first three folder levels (for deeper authorizations, the authorization group continues to be used as a list authorization so as not to affect the Kerberos token unnecessarily)
  • Free definition of the group name scheme
  • Free definition of the group type (global, domain local, universal)

The permWRITER supports various customization paths. The preferred path is usually the cleanup for a new, empty target share. This has the advantage that assigning authorizations is much faster. The application is also able to add new authorizations to existing shares. However, the old authorizations on the existing share must then be cleaned up using permREMOVER.Die mit dem permWRITER erstellten Berechtigungen sind zu 100% kompatibel mit tenfold und können sofort darin übernommen werden.

The permissions created with permWRITER are 100% compatible with tenfold and can be used immediately.

permREMOVER

With permREMOVER, the old authorizations can be removed after new authorizations have been assigned.

If you have decided against transferring your data to a new, empty target share and only want to change your permissions on the folders in accordance with Microsoft best practices, the old permissions must be removed after the new permissions have been assigned.

To do this, you only need to inform permREMOVER of a UNC share, which it then checks recursively for explicitly set permissions and removes them. A whitelist is taken into account, which you can use to control which of the permissions on the folders are retained.

These features are inclued in permREMOVER:

  • Revocation of explicit permissions on a fileshare
  • Whitelist for accounts that should not be removed

More information on the topic