File Server Migration: Get Your File Server Back in Shape Now!

Their angst-ridden quest for a quick solution then leads them to file server migration. The term “migration” suggests we can Marie-Kondo our way out of the chaos – declutter, chuck out what doesn’t “spark joy”, and move the permissions we want and need to keep to a clean and tidy environment. Problem solved!

But what if I told you, you don’t need a file server migration tool to reorganize your file servers? Read on to learn how you can keep your file servers clean and tidy using IAM software.

File server migration basically means relocating all your shared folders, files and security settings from your old file server to a new location, usually another file server. There are numerous reasons why companies decide to perform a file server migration.

One such reason could be that the old file server simply doesn’t provide enough space anymore for the growing amount of data. Some organizations want to replace their physical server with a virtual one. And ever since Microsoft’s proclaimed cloud-only approach, the term “file server migration” can also refer to the use of Azure files or moving to Azure.

“File server migration tool” is not a defined term. It usually refers to services that aid companies in migrating, i.e. relocating, their file server contents. File server migration tools are mostly employed by larger organizations because, not only do these tools take care of the migration process itself, they also clean up the file servers as they go along.

This is important because, no matter how organized your file storage was to begin with – if you’re not applying AGDLP accurately and using consistent terminology, you will end up with a chaotic file server.

Microsoft^® recommends using the AGDLP principle for managing file servers and to implement role-based access control (RBAC) in Windows Domains. Unfortunately, Microsoft^® has failed to provide admins with adequate tools to automate the processes demanded by the principle.

The consequence is that admins are still having to implement AGDLP manually, which obviously makes mistakes more likely to happen. In smaller companies with fewer employees, it probably is feasible to do it all manually – provided your admin is really meticulous and uses consistent terminology.

The more admins you have, and the more locations and departments they’re having to look after, the more mistakes are inevitably going to happen. And with every year that passes since the initial file server set up, the more conjumbled the permissions on these file servers are going to become.

Another problem associated with manual access management are incorrect NTFS permissions. Common mistakes include:

Uncontrolled file server growth, ignored naming conventions and wrongly used and/or nested permission groups are not just detrimental to transparency, they also put your data at risk. One such risk is a so-called privilege creep, which is when users collect more privileges over time than they should.

The privilege creep is further exacerbated in companies that use reference users (or template users): this is when a new person joins the company and the admin, instead of creating an entirely new user with all the necessary Active Directory privileges for that person, simply copies an existing user (who then becomes the reference or template user) belonging to a person with a similar job description.

If the reference user already has excess privileges (e.g. due to nested permission groups), these will be passed on to the new user. In essence, the more you rely on reference users, the more you are putting your data and company at risk!

A privilege creep is bad for internal data protection, of course. If nobody can keep track of who has access to what resources and data, the risk of employee data theft rises significantly.

But a privilege creep also makes it harder to protect data against outside attacks. The more privileges users have, the worse the effects of malware or ransomware attacks and phishing mails can be.

This is because cyber insurance providers require you to prove you have some kind of IT security concept in place, including the regulation of access to resources.

You don’t need a file server migration tool to tidy the structures on your file server and close potential security holes. What you do need is software that automates file server access management in accordance with best practices.

Of course, you can try to clean up your file server manually or get it serviced and have the correct structures set up for you. However, you will probably be facing the exact same problems within a year or maybe two, at best.

Your best option is therefore to FIRST choose a product that automates access management and THEN adapt the old structures (if still needed). This way, you can ensure that:

tenfold is identity and access management software that guarantees automated and compliant management of access rights, both on premises and in the cloud. That means tenfold manages permissions not just on file servers, but also permissions in Active Directory, Azure AD, Exchange (Online) and Sharepoint (Online).

tenfold thus makes manual access management obsolete and brings order to your file servers. Once set up, admins and users only have to configure the desired permission level and tenfold takes care of implementing the AGDLP principle in the domain correctly and automatically.

The current state of your file server – be it messy, ultra messy or pure mayhem – has no influence on the deployment of tenfold. Once installed, tenfold will automatically assign new access rights in accordance with best practices. Additionally, the reporting feature will inform you of the current access structure and effective permissions on you file server.

The tenfold dashboard highlights existing problems on your file server and Active Directory and can automatically fix many common issues, such as empty AD groups, broken up inheritance or directories with directly privileged users.

While tenfold cannot fix long-standing problems with your file server all by itself, it will assist you in gradually smoothing out these issues once installed. For instance, by submitting all non-standard permissions to regular user access reviews by the relevant data owner, outdated and unnecessary permissions are automatically removed once they fail the recertification process.

File server cleanup or file server migration can be achieved using an add-on that can be licensed in addition to tenfold. tenfold can generate hundreds of permission groups and list permissions in the Active Directory for thousands of users across numerous directories. These are then linked and the ACLs rebuilt accordingly.

The file server migration tool analyzes your current folder and permission structure and produces reports on any problems (e.g. overly complex directory structures, incorrect permissions, orphaned AD objects or recursive group memberships). It then eliminates these problems and cleans up the structures.

If you install tenfold plus add-ons, not only can you rebuild your authorization structure, but, if required, the software will also take care of file server migration.

tenfold access management is specifically geared toward mid-market organizations. Our approach is pragmatic. We translate complex matter into user-friendly matter. Our aim is to ensure that ALL tenfold users between IT and HR can use our product efficiently and with ease.

File server management with tenfold enables you to stay in line with internal and external compliance regulations, such as the GDPR, HIPAA and the SOX Act.