Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


File Permission Management Software

Posted on 2008-06-17
Medium Priority
Last Modified: 2012-05-05
We've been searching for software that will help us manage our file/folder permissions with Active Directory users/groups.

We've seen a demo by Varonis DatAdvantage and it's very impressive.  The price tag is not:  $70,000 initial fee, then $14,000 after that per year.  We have ~650 users.

Are there any competitors or software similar to this?
Question by:trippleO7
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
LVL 31

Expert Comment

by:Henrik Johansson
ID: 21806793
You can do it with built/in functionality in Active Directory by creating GPOs and setting the necessary permissions in Computer Configuration\Windows Settings\Security Settings\File System
Right-click and choose Add File
Browse to the folder for existing paths on the current computer or add a manual path in the input field for paths that doesn't nead to exist.
Click ok and choose the necessary permissions..

Link the GPO to an OU with computer objects.

Author Comment

ID: 21807003
Thanks for the reply.  We're looking more towards software that would allow us to basically click on a file, see the permissions (similar to what's built-in to a Windows OS), and then go a step further to be able to click on a user or group to be able to see what folders they have permission to and what level of permission.  Then to be able to make changes on the fly as needed.

It would serve as a Auditing and Security compliance, as well as permission management.  I hope that explains it in better detail.

An example would be:  The head of HR comes down and requests to see if a certain person has access to a particular folder, or to see everything this person has access to, on the network, it's proving to be difficult for us (IT Dept) to gather that information.

Another example would be:  One person leaves the company and a replacement is hired.  We are given the task of granting this new person access to everything the previous employee had access to.  It seems nearly impossible to complete this type of request.

LVL 31

Accepted Solution

Henrik Johansson earned 500 total points
ID: 21807163
Yes, reporting is always an issue...
Take a look on Hyena, www.systemtools.com, which maybe does what you want.

When replacing a user to give the new user the same permissions, just rename him to keep the SID or always use groups when setting permissions. Setting permissions directly to an user will be easy for the moment, but will be a real pain in the future when neading to clean up and remove permissions.
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

LVL 58

Expert Comment

ID: 21807290
Hyena will do the job of showing you what resources, files and folders a user has access to on the network, and it's not as expensive.

>> "We are given the task of granting this new person access to everything the previous employee had access to"
It would be a lot better if you created groups to do this sort of thing. You would assign all of your common permissions say for a particular department to one security group, then just make users a member of that group and use the GROUP on the NTFS security over the folders. Doing this means you keep things tidy by not defining individual user accounts on the file system, and for the replacement user, you just need to make them a member of the same groups and all permissions will be inherited down to them.


Author Comment

ID: 21807355
Thanks.  I didn't know Hyena had this capability.  We actually own a license of it so I will be checking it out.  I'm able to see which users/groups have permissions to a particular folder, but not the opposite.  I'll have to look at how to do this.

The group thing is what got us started looking at a solution like this.  We have too many folders with individual user accounts and we have a security overhaul starting in the next few months.
LVL 58

Expert Comment

ID: 21807374
>>> "a security overhaul starting in the next few months."
It will be for the better, I can guarantee!

Good luck with Hyena, please post back how you get on.

Author Closing Comment

ID: 31468093
I haven't figured out how to check a user/group within Hyena to verify which shares it has access to, but I have an open question on the Hyena Forums about it.  I will post back what I find out.  

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. Theā€¦
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question