File Server Access Rights

There are two reasons why managing access rights on Microsoft® File Servers is a tedious task: For one thing, the given standard tools provide only very rudimentary reporting functions. Secondly, organizing those access rights is just a highly complicated undertaking that requires a lot of time and a lot of clicks.

Required License

Reporting

Most admins will know this pain: You want to generate a report that shows who has access to one or more specific folders and, in doing so, you realize, yet again, that the tools you’re working with are less than sufficient for the task. The display options are primitive and there is no efficient way of visualizing folder access rights across several nesting levels.

Luckily, there is a remedy for this pain and it is called tenfold. tenfold features a cozy, explorer-style interface in which users (admins, folder owners) can select the desired folder on the file server. tenfold then presents the set groups and users for each permission in a clear and well-structured manner. By representing the effective access rights (including inheritances and nested groups), users can easily monitor any access rights to their folders. tenfold also makes it possible to determine the areas to which users and groups have effective access rights. To optimize these processes further, tenfold sends out periodic automated PDF evaluations by e-mail.

Administration

Managing access rights on file servers using the provided standard tools can be very difficult. The trickiest part is sticking to Microsoft®’s best practices (AGDLP principle) because each step requires you to create and set the relevant access right groups manually. This is not only time-consuming, but also increases the potential for errors immensely. tenfold, on the other hand, creates all necessary groups and structures automatically. Which means: no more repetitive and tedious manual efforts. No more stress. Just some dragging and some dropping. The rest is automated.

Self-Service & Workflows

As opposed to tenfold, the standard Windows tools do not support workflows for assigning access rights, even though most companies would definitely benefit from having this resource. Compliance regulations demand that data owners (i.e. persons who are responsible for certain folders or data) must grant permission before an access right can be assigned. The regulations further stipulate that this process of approving and assigning permissions must be well documented, in case there are questions about when, why or by whom an access right was granted later on. tenfold uses approval workflows to cover these complicated processes and, in doing so, allows data owners, supervisors and IT departments to always be fully integrated into all steps involved. It uses automated emails to inform data owners about approval requests or any other actions that may be required.

Automatic Problem-Solving Skills

tenfold’s Problem Dashboard informs administrators automatically about any problems concerning the Active Directory® and file servers. Problems may include: detection of orphaned SIDs, circular references in group assignments, interrupted inheritance or full access to non-administrators. The so-called “solution assistants” will find the appropriate solution for each problem and resolve it immediately.

Feature Descriptions

Analysis

  • Report: Who has access to what folders and subfolders? (Many customizable settings)
  • Report: Where do users have effective access? (Including direct user permissions and group permissions, even if groups are nested)
  • Data history stored in tenfold database

Management

  • Administrative function which allows you to view and edit permissions live. Administrators can be assigned the necessary permissions individually for each file server
  • Enable folders for self-service: you can make all folders down to a certain defined level available for request or just make individual folders available, regardless of their level within a folder structure
  • Determine data owners and configure workflows for approval of permission requests
  • Standard functions, like creating and deleting folders or changing folder names

Technical Mapping

  • Group structures in accordance with AGDLP, AGGP or AUUP models are created and maintained automatically
  • Necessary list groups are generated automatically to enable browsing function for users
  • Configurable group naming conventions
  • Configurable organizational units in Active Directory for filing groups
  • New permission level “Modify Plus“ to prevent folders from being moved accidentally

Synchronization

  • Periodical import of file servers to maintain up-to-date overview of status quo in tenfold (imports can be done either on demand or at a set time)
  • Modifications not done in tenfold are recorded and evaluated

System Requirements

For successful file server integration with tenfold, the following system requirements apply:

  • Access to file servers through a UNC path via SMB or CIFS
  • Supported file servers include Microsoft Windows, NetApp®, EMC® (or similar)
  • Permissions are assigned through ACL based on Active Directory objects
  • Service account with full access to file servers intended for integration

Note: File servers based on Novell or UNIX/Linux systems (ext4, xfs, etc.) are not supported.

Flexible options

Report: User access rights

Fileserver Access Rights – Administration made simple

Request a free trial

It has never been easier to manage and keep track of your users and their access rights in one centralized software. Administrators, managers and your company as a whole will benefit from tenfold, as it provides a transparent overview of all access rights. tenfold can help you comply with standards, like ISO 27000, BSI, etc., and offers worthwhile functions for managing users and access rights.

Request trial