File Server Migration: Get Your File Server Back in Shape Now!
Microsoft® Windows is to IT departments like air is to humans. Well, maybe not quite as dramatic, but you really couldn't imagine one without the other. And using Windows inevitably means you'll be dealing with permissions, too - and lots of them! Permissions in the Active Directory, permissions on file servers and permissions on NTFS shares. It's permission heaven! Or permission hell? You'll know when you're up for your next compliance audit. That is the point when organizations often realize they have no clue who has what permissions and why.
Their angst-ridden quest for a quick solution then leads them to file server migration. The term "migration" suggests we can Marie-Kondo our way out of the chaos - declutter, chuck out what doesn't "spark joy", and move the permissions we want and need to keep to a clean and tidy environment. Problem solved!
But what if I told you, you don't need a file server migration tool to reorganize your file servers? Read on to learn how you can keep your file servers clean and tidy using IAM software.
File Server Migration - What's That?
File server migration basically means relocating all your shared folders, files and security settings from your old file server to a new location, usually another file server. There are numerous reasons why companies decide to perform a file server migration.
One such reason could be that the old file server simply doesn't provide enough space anymore for the growing amount of data. Some organizations want to replace their physical server with a virtual one. And ever since Microsoft's proclaimed cloud-only approach, the term "file server migration" can also refer to the use of Azure files or moving to Azure.
What Is a File Server Migration Tool?
"File server migration tool" is not a defined term. It usually refers to services that aid companies in migrating, i.e. relocating, their file server contents. File server migration tools are mostly employed by larger organizations because, not only do these tools take care of the migration process itself, they also clean up the file servers as they go along.
This is important because, no matter how organized your file storage was to begin with - if you're not applying AGDLP accurately and using consistent terminology, you will end up with a chaotic file server.
In short, file server migration tools remove incorrect permission structures and guarantee that companies can continue working in a clean and organized environment.
Where Does the Chaos on File Servers Originate From?
Microsoft® recommends using the AGDLP principle for managing file servers and implementing role-based access control (RBAC) in Windows domains. Unfortunately, Microsoft® has failed to provide admins with adequate tools to automate the processes demanded by the principle.
The consequence is that admins still have to implement AGDLP manually, which obviously makes mistakes more likely to happen. In smaller companies with fewer employees, it probably is feasible to do it all manually - provided your admin is really meticulous and uses consistent terminology.
Too Many Admins Spoil the File Server
The more admins you have, and the more locations and departments they have to look after, the more mistakes are inevitably going to happen. And with every year that passes since the initial file server setup, the more jumbled the permissions on these file servers are going to become.
Another problem associated with manual access management is incorrect NTFS permissions. Common mistakes include:
Giving users direct access to folders instead of via group membership. If you do this and these users are later deleted from the AD, you're going to be left with orphaned SIDs on the folder.
Using organizational groups as permission groups, which is detrimental to transparency and can also lead to orphaned SIDs.
Using permission groups more than once and/or nesting them gives users more rights than they need.
Failure to use names and terms consistently. Using incorrect or misleading names for permission groups makes it harder to understand connections between folders and groups.
Setting list rights incorrectly or not using them at all. The consequence is that users either cannot access the folders they do have permission for, or they can access folders they are not supposed to be able to access.
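The first mistake in the list above (rights granted directly to users) and the orphaned SIDs it leaves behind can be found with a read-only audit. The PowerShell below is an added example, not tenfold's code and not part of the original article; the share path \\fileserver\share and the depth of 2 are placeholder assumptions, and it expects to run on a domain-joined Windows host with read access to the folders.

```powershell
# Added example: report explicit folder ACEs that are orphaned SIDs or direct user grants.
param(
    [string]$Root  = '\\fileserver\share',  # placeholder path (assumption)
    [int]   $Depth = 2                      # folder levels below $Root to scan
)
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$ctx = [System.DirectoryServices.AccountManagement.PrincipalContext]::new(
           [System.DirectoryServices.AccountManagement.ContextType]::Domain)
$seen = @{}   # SID string -> finding, so each principal is looked up once

function Get-SidFinding {
    param([System.Security.Principal.SecurityIdentifier]$Sid)
    $key = $Sid.Value
    if ($seen.ContainsKey($key)) { return $seen[$key] }
    $finding = $null
    if ($key -like 'S-1-5-21-*') {   # domain/local accounts; skips well-known SIDs
        try {
            $null = $Sid.Translate([System.Security.Principal.NTAccount])
            $p = [System.DirectoryServices.AccountManagement.Principal]::FindByIdentity(
                     $ctx, [System.DirectoryServices.AccountManagement.IdentityType]::Sid, $key)
            if ($p -is [System.DirectoryServices.AccountManagement.UserPrincipal]) {
                $finding = 'DirectUser'
            }
        } catch [System.Security.Principal.IdentityNotMappedException] {
            # SID no longer resolves to an account name
            $finding = 'OrphanedSid'
        }
    }
    $seen[$key] = $finding
    return $finding
}

$folders = @(Get-Item -LiteralPath $Root) +
           @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -Depth $Depth)
foreach ($dir in $folders) {
    $acl = Get-Acl -LiteralPath $dir.FullName
    # includeExplicit = $true, includeInherited = $false, identities as SIDs
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in $acl.GetAccessRules($true, $false, $sidType)) {
        $finding = Get-SidFinding $ace.IdentityReference
        if ($finding) {
            [pscustomobject]@{
                Folder = $dir.FullName; Finding = $finding
                Sid    = $ace.IdentityReference.Value
                Rights = $ace.FileSystemRights; Type = $ace.AccessControlType
            }
        }
    }
}
```

Treat an OrphanedSid row as a lead to verify before removing the entry: a SID also fails to resolve when it belongs to an unreachable trusted domain or to a local account on another machine.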
Bad Structures Lead to Privilege Creep
Uncontrolled file server growth, ignored naming conventions and wrongly used and/or nested permission groups are not just detrimental to transparency, they also put your data at risk. One such risk is a so-called privilege creep, which is when users collect more privileges over time than they should.
The privilege creep is further exacerbated in companies that use reference users (or template users): this is when a new person joins the company and the admin, instead of creating an entirely new user with all the necessary Active Directory privileges for that person, simply copies an existing user (who then becomes the reference or template user) belonging to a person with a similar job description.
If the reference user already has excess privileges (e.g. due to nested permission groups), these will be passed on to the new user. In essence, the more you rely on reference users, the more you are putting your data and company at risk!
Overprivileged users are one of the most common mistakes in Active Directory security.
Incorrect Privileges Make It Harder to Protect Data
A privilege creep is bad for internal data protection, of course. If nobody can keep track of who has access to what resources and data, the risk of employee data theft rises significantly.
But a privilege creep also makes it harder to protect data against outside attacks. The more privileges users have, the worse the effects of malware or ransomware attacks and phishing mails can be.
IMPORTANT! Organizations suffering from chaotic file servers cannot fall back on cyber insurance as a means to protect themselves against hacker attacks!
This is because cyber insurance providers require you to prove you have some kind of IT security concept in place, including the regulation of access to resources.
Clean Up File Server, Close Security Holes
You don't need a file server migration tool to tidy the structures on your file server and close potential security holes. What you do need is software that automates file server access management in accordance with best practices.
Of course, you can try to clean up your file server manually or get it serviced and have the correct structures set up for you. However, you will probably be facing the exact same problems within a year or maybe two, at best.
Your best option is therefore to FIRST choose a product that automates access management and THEN adapt the old structures (if still needed). This way, you can ensure that:
new access rights are only assigned according to the principle of least privilege and compliance demands.
uncontrolled file server growth is prevented.
your recently cleansed structures can migrate smoothly to the new software.
no (supposedly) more urgent projects and/or budget issues delay the deployment of the new software/tool, making the transition more difficult and possibly exposing new security vulnerabilities.
File Server Cleanup With tenfold
tenfold is identity and access management software that guarantees automated and compliant management of access rights, both on premises and in the cloud. That means tenfold manages permissions not just on file servers, but also permissions in Active Directory, Azure AD, Exchange (Online) and SharePoint (Online).
tenfold thus makes manual access management obsolete and brings order to your file servers. Once set up, admins and users only have to configure the desired permission level and tenfold takes care of implementing the AGDLP principle in the domain correctly and automatically.
Reporting on Status Quo and Effective Permissions
The current state of your file server - be it messy, ultra messy or pure mayhem - has no influence on the deployment of tenfold. Once installed, tenfold will automatically assign new access rights in accordance with best practices. Additionally, the reporting feature will inform you of the current access structure and effective permissions on your file server.
The tenfold dashboard highlights existing problems on your file server and Active Directory and can automatically fix many common issues, such as empty AD groups, broken up inheritance or directories with directly privileged users.
While tenfold cannot fix long-standing problems with your file server all by itself, it will assist you in gradually smoothing out these issues once installed. For instance, by submitting all non-standard permissions to regular user access reviews by the relevant data owner, outdated and unnecessary permissions are automatically removed once they fail the recertification process.
In case the old structures are too complex and/or you don't have the time to clean them up manually using tenfold's reports, there is an add-on available you can use to help you with the file server cleanup or file server migration.
tenfold as File Server Migration Tool
File server cleanup or file server migration can be achieved using an add-on that can be licensed in addition to tenfold. tenfold can generate hundreds of permission groups and list permissions in the Active Directory for thousands of users across numerous directories. These are then linked and the ACLs rebuilt accordingly.
The file server migration tool analyzes your current folder and permission structure and produces reports on any problems (e.g. overly complex directory structures, incorrect permissions, orphaned AD objects or recursive group memberships). It then eliminates these problems and cleans up the structures.
File Server Migration
If you install tenfold plus add-ons, not only can you rebuild your authorization structure, but, if required, the software will also take care of file server migration.
What Are the Steps in File Server Migration/Cleanup With tenfold?
License tenfold plus file server migration add-on
Install and configure software
Add-on analyzes current structures, produces reports and tidies old structures.
tenfold establishes a compliant permission structure across all levels.
You can now migrate your file servers with neat structures and automated permission management.
Why Use tenfold for File Server Migration?
tenfold access management is specifically geared toward mid-market organizations. Our approach is pragmatic. We translate complex matter into user-friendly matter. Our aim is to ensure that ALL tenfold users between IT and HR can use our product efficiently and with ease.
File server management with tenfold enables you to stay in line with internal and external compliance regulations, such as the GDPR, HIPAA and the SOX Act.
File Server Migration as Part of the tenfold Installation
Find out how to restore order on your file servers when deploying tenfold in just four easy steps.