Solved

Notification of security restrictions on NTFS folders.

Posted on 2015-01-12
4
172 Views
Last Modified: 2015-01-12
I have some folders on a company share that supervisors have requested certain people have access and only one person can approve changes.

We have a handful of people in IT that can give users rights.  Many times rights are based on similar job roles.

I thought about making new groups that would indicate higher security is enforced.  (ex: Approved_Access_Support_Dept)

Anyone know of any way to alert IT staff that a folder has more restrictions than others?  We do try to check with a folder owner however much of the decision is based on department or role.  We are also not interested in adding any additional software on the server.   Readme files only work if you go into each folder/subfolder to see if any are there.  
They do not want to change the name of the folders.   Thanks
0
Comment
Question by:PostQ
  • 2
4 Comments
 
LVL 9

Expert Comment

by:Trenton Knew
ID: 40545115
I'm not sure I have a clear understanding of your question.  You want to know users or groups have security permissions on folders, or are you looking for a script to step through and list permissions on folders in a share?  I'm assuming you aren't talking about an automated process that alerts an admin when permissions are changed.
0
 
LVL 37

Accepted Solution

by:
Neil Russell earned 500 total points
ID: 40545117
If you use exchange on site too then this is what we do....

Create a New AD Universal security group.  Example  DRIVE_SuportDesk
Use exchange to set this as a Mail enabled security group.
Now modify the share itself so that this group is the principle security permission on it instead of users
In the EMC edit the new Distribution groups properties and set the Manager as the person who authorises access to the share.

This user "Manager" can now use outlook to add/remove members of the distribution group and therefore give/take away rights to the share.


We also create a  DRIVE_SuportDesk_RO group for Read Only members access to the folder.

If you need any further explanations feel free and ask.
0
 
LVL 2

Author Closing Comment

by:PostQ
ID: 40545217
I think this will do what we want as well as have the share self-managed from the manager approving the users.

Thanks
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40545223
You're welcome.
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
Many businesses neglect disaster recovery and treat it as an after-thought. I can tell you first hand that data will be lost, hard drives die, servers will be hacked, and careless (or malicious) employees can ruin your data.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question