file server review scope

I was hoping to scope out some useful tests to include as part of an audit / health check of some traditional file servers, which act as team repositories for shared documents/files, and another acts as a home drive server where each employee has a home drive area locked down just to them. I was thinking of basics such as:

access control lists (ACL) - ensure permissions on directories are appropriately restricted and restrict access based upon need to known principles
teams consuming masses of space (poor internal practices)
documents with no recent last access attribute - compare to data retention requirements etc
non-administrators who have full control over shares/directories (should not be the case)
general OS security (e.g patches, local administrators, backups)
general monitoring (e.g. capacity/free space)

can you think of any more areas that would be of benefit in such a review?
LVL 4
pma111Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Shaun VermaakTechnical SpecialistCommented:
access control lists (ACL) - ensure permissions on directories are appropriately restricted and restrict access based upon need to known principles
ACLS directly on users, groups with no members, groups with one user.
https://www.experts-exchange.com/articles/32349/FSMainFolder-Files-Server-Structure-Automation-Tool.html
I prefer delegation and role groups and I automate folder permissions (I have an automated created of group and folder process too)
https://www.experts-exchange.com/articles/29366/Delegation-the-proper-way.html
documents with no recent last access attribute - compare to data retention requirements etc
In such a report you should use date created, date modified and date access such as here
https://www.experts-exchange.com/articles/32531/File-Share-Archiving-Solution.html
teams consuming masses of space (poor internal practices)
FSRM has some nice reports. Archiving (above) and dedup will take care of this
non-administrators who have full control over shares/directories (should not be the case)
Part of an ACL audit with SetACL.exe perhaps. If you use FSMainFolder tool above you will not have this issue
general OS security (e.g patches, local administrators, backups)
I prefer to enfore rather than audit local admins. for this I use preferences
https://www.experts-exchange.com/articles/29652/Strategy-to-centrally-manage-Local-Administrators-group-from-Active-Directory.html
general monitoring (e.g. capacity/free space)
FSRM has some nice reports

Additional things to check to detect ransomware
  • Mass changes
  • Files with unknow type (using magic number)

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Raja Jegan RSQL Server DBA & Architect, EE Solution GuideCommented:
I've seen one of my client using the below tool to audit their File Server..
Try using the trial version to see the key parameters that it is measuring and ensure that you have all those metrics or checklist available in place or not..
If you like the tool, then you can buy it or else just go through their website to see the list of metrics they capture for Cybersecurity..
https://www.lepide.com/lepideauditor/file-share-auditing.html
pma111Author Commented:
I wasn't necessarily talking about auditing in the sense of what has changed to files etc.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Storage

From novice to tech pro — start learning today.