Solved

File Permission Management Software

Posted on 2008-06-17
7
836 Views
Last Modified: 2012-05-05
We've been searching for software that will help us manage our file/folder permissions with Active Directory users/groups.

We've seen a demo by Varonis DatAdvantage and it's very impressive.  The price tag is not:  $70,000 initial fee, then $14,000 after that per year.  We have ~650 users.

Are there any competitors or software similar to this?
0
Comment
Question by:trippleO7
  • 3
  • 2
  • 2
7 Comments
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 21806793
You can do it with built/in functionality in Active Directory by creating GPOs and setting the necessary permissions in Computer Configuration\Windows Settings\Security Settings\File System
Right-click and choose Add File
Browse to the folder for existing paths on the current computer or add a manual path in the input field for paths that doesn't nead to exist.
Click ok and choose the necessary permissions..

Link the GPO to an OU with computer objects.
0
 
LVL 6

Author Comment

by:trippleO7
ID: 21807003
Thanks for the reply.  We're looking more towards software that would allow us to basically click on a file, see the permissions (similar to what's built-in to a Windows OS), and then go a step further to be able to click on a user or group to be able to see what folders they have permission to and what level of permission.  Then to be able to make changes on the fly as needed.

It would serve as a Auditing and Security compliance, as well as permission management.  I hope that explains it in better detail.

An example would be:  The head of HR comes down and requests to see if a certain person has access to a particular folder, or to see everything this person has access to, on the network, it's proving to be difficult for us (IT Dept) to gather that information.

Another example would be:  One person leaves the company and a replacement is hired.  We are given the task of granting this new person access to everything the previous employee had access to.  It seems nearly impossible to complete this type of request.

0
 
LVL 31

Accepted Solution

by:
Henrik Johansson earned 125 total points
ID: 21807163
Yes, reporting is always an issue...
Take a look on Hyena, www.systemtools.com, which maybe does what you want.

When replacing a user to give the new user the same permissions, just rename him to keep the SID or always use groups when setting permissions. Setting permissions directly to an user will be easy for the moment, but will be a real pain in the future when neading to clean up and remove permissions.
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 58

Expert Comment

by:tigermatt
ID: 21807290
Hyena will do the job of showing you what resources, files and folders a user has access to on the network, and it's not as expensive.

>> "We are given the task of granting this new person access to everything the previous employee had access to"
It would be a lot better if you created groups to do this sort of thing. You would assign all of your common permissions say for a particular department to one security group, then just make users a member of that group and use the GROUP on the NTFS security over the folders. Doing this means you keep things tidy by not defining individual user accounts on the file system, and for the replacement user, you just need to make them a member of the same groups and all permissions will be inherited down to them.

-tigermatt
0
 
LVL 6

Author Comment

by:trippleO7
ID: 21807355
Thanks.  I didn't know Hyena had this capability.  We actually own a license of it so I will be checking it out.  I'm able to see which users/groups have permissions to a particular folder, but not the opposite.  I'll have to look at how to do this.

The group thing is what got us started looking at a solution like this.  We have too many folders with individual user accounts and we have a security overhaul starting in the next few months.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 21807374
>>> "a security overhaul starting in the next few months."
It will be for the better, I can guarantee!

Good luck with Hyena, please post back how you get on.
0
 
LVL 6

Author Closing Comment

by:trippleO7
ID: 31468093
I haven't figured out how to check a user/group within Hyena to verify which shares it has access to, but I have an open question on the Hyena Forums about it.  I will post back what I find out.  
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question