Consider a network share with a complex directory structure utilized by hundreds or thousands of your employees. Typically, file system permissions allow the users exclusive access to their home folders and profile directories. Some task-specific folders contain data that must be accessible only by workers of specified departments, while other public storage areas are openly available to all users.
From the system administrator's perspective, the main permissions issue is the proverbial "Access Denied" red sign reported by users. The remedy is readily available: the folder's Access Control List, the "Add" button or, as a more scalable approach, the addition of the user to an Active Directory group.
However, viewed from the data security perspective, this practice might be one of the more worrying trends affecting the integrity and confidentiality of data in your enterprise. A system administrator I know once pointed out that throughout his long career in the field he has received numerous requests to grant file system permissions to different users, while he could not remember a single time he was asked to remove or reduce permissions. This cumulative trend inevitably leads to excessive permissions, which in turn can result in unauthorized data access, data theft, loss of essential business information and privacy breaches.
The continuous growth of access lists also presents the risk of performance degradation. As more users and groups are added to Access Control Lists, their enumeration takes time and CPU cycles, which eventually results in slower access to network shares and a negative impact on application performance.
The file system's usage trends also suffer from the adverse effects of incorrect or uncontrolled permissions. Users start saving excessive data to inappropriate locations, redundant copies of the same data become scattered all over the file system, and complex directory structures grow wildly, further complicating the task of rapidly accessing the required information on the network shares.
Undoubtedly, a proactive approach is necessary in order to prevent these and other unwanted results. Active Directory security groups, if used in accordance with the recommended strategies, allow the file system administrators to configure resource access in an efficient manner. If correctly preserved and utilized, NTFS permissions inheritance may simplify the directory structures and reduce the impact of ACL computation. Drive mappings, folder redirection, accessible shortcuts and user education, if proficiently planned and implemented, may all assist in creating a more manageable and healthy file system.
However, most system administrators and InfoSec professionals do not have the opportunity to plan their organization's file system usage from scratch. In dealing with existing file servers, the first stage of resolving and preventing the issues mentioned above is acquiring a detailed map of all existing permissions.
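One way to start such a map with built-in PowerShell cmdlets, as an added example that is not part of the original article or of any product it mentions: the function below walks a folder tree and reports only the explicit (non-inherited) ACL entries, flagging folders where inheritance is blocked, grants to catch-all principals, and entries left behind by deleted accounts. The function name `Get-PermissionMap`, its parameters and the UNC path in the usage comment are assumptions made for illustration.

```powershell
# Added example: map explicit NTFS permissions under a root folder.
# Read-only: it calls Get-Acl and never changes an ACL.
function Get-PermissionMap {
    param(
        [Parameter(Mandatory)] [string] $Path,   # root of the share to audit
        [int] $Depth = 3                         # how deep to walk (PowerShell 5.0+)
    )

    # Well-known SIDs of principals that cover practically every user.
    $broadSids = @{
        'S-1-1-0'      = 'Everyone'
        'S-1-5-11'     = 'Authenticated Users'
        'S-1-5-32-545' = 'BUILTIN\Users'
    }

    $folders = @(Get-Item -LiteralPath $Path) +
               @(Get-ChildItem -LiteralPath $Path -Directory -Recurse -Depth $Depth -ErrorAction SilentlyContinue)

    foreach ($folder in $folders) {
        try   { $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop }
        catch { Write-Warning "Cannot read ACL: $($folder.FullName)"; continue }

        # Inherited entries are already described by the parent; report only explicit ones.
        foreach ($ace in $acl.Access | Where-Object { -not $_.IsInherited }) {
            # Compare by SID so the check does not depend on the display language.
            $sid = try {
                $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
            } catch { $null }

            [pscustomobject]@{
                Folder             = $folder.FullName
                Identity           = $ace.IdentityReference.Value
                Type               = $ace.AccessControlType
                Rights             = $ace.FileSystemRights
                InheritanceBlocked = $acl.AreAccessRulesProtected
                BroadPrincipal     = [bool]($sid -and $broadSids.ContainsKey($sid))
                # A raw domain SID instead of a name usually means the account was deleted.
                OrphanedSid        = $ace.IdentityReference.Value -match '^S-1-5-21-'
            }
        }
    }
}

# Usage (the UNC path is a placeholder):
# Get-PermissionMap -Path '\\fileserver\share' -Depth 4 |
#     Sort-Object Folder | Export-Csv .\permission-map.csv -NoTypeInformation
```

Rows with `InheritanceBlocked`, `BroadPrincipal` or `OrphanedSid` set are the natural starting points for a review, since they mark where the tree departs from inherited, group-based access.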