Posts

Managing Data Access on Windows Fileservers: Tooling & Reporting

Step 5: Tooling & Reporting

Tools, Quality Checks, and Reporting

The last step in managing data access on Windows fileservers is implementing proper tooling and reporting. Management of folders through tools, quality checks, and reporting is important for maintaining the integrity of your IT infrastructure.

Without using appropriate tools for checking the permissions, effectively managing folders can be a cumbersome process and prone to security leaks.

A professional folder permissions tool will run a quality check and give a report listing all the users/groups together with their allowed level of access, allowing you to make informed decisions.

Even if you create multiple security groups with permissions for each individual data object, as much as this could seem to be a very large number of groups in the AD (Active Directory), a good reporting tool will make your life a lot easier.

Deploying a reporting tool will minimise any administrative confusions and the advantages will make you have more quality sleep.

C:\Users\carst\AppData\Local\Microsoft\Windows\INetCache\Content.Word\index02-10.png

Support Using Scripts

Scripts are versatile tools that can be used for managing folder permissions and ensuring their security.

The administration may seem confusing at first glance, but the construction of permissions can be mapped in an Excel worksheet, as explained in the previous chapter.

That is, the administration of permissions can be monitored using a simple Excel table. One can, for instance, create a matrix for every object type (file access, mail distribution, SharePoint access).

By using a simple VBA or PowerShell script, the permissions can be transferred to the AD automatically.

In this way, an administrator does not have to have direct access to the file system. In addition, administrators will no longer have to fight through the AD and the file server ADLs.

By running a script, requests requiring changes in the permission structure can be easily taken care of.

Support Using Tools

There are, of course, comfortable systems for taking care of administration tasks that provide the administrator or person in charge of permissions with a nice UI with many possibilities, especially if none of them have scripting experience.

These tools make it possible for a less-skilled administrator, who does not have a deep knowledge of permissions assignments in the NTFS file system, to carry out administration tasks quickly and easily.

In other words, these tools make it possible for the administrator to have a life without worries, since he/she will no longer need to spend a lot of time administrating groups in the AD and does not have to work on the permissions in the file system again and again.

Instead, the administrator will be able to allot additional time to more meaningful tasks.

Security Analysis and Reporting

C:\Users\carst\AppData\Local\Microsoft\Windows\INetCache\Content.Word\separated index02-11.png

When the assignment of groups to folders has been done, it is possible, with some effort, to do manual analyses of the effective permission holders.

Everyone who is a member of a certain group will have a specific access permission to a specific object and, if necessary, its child objects. That means that the access possibilities in each area can be shown by a simple analysis of group memberships.

Here is an example of a simple PowerShell script that lists who can access “Accounting” and which permissions each of them have.

The same is true for persons (Individual Active Directory accounts). An employee is a member of certain access groups.

Because of the uniqueness of the membership, it is possible to show immediately which objects the employee can access and what permissions he/she has.

But what if the security groups are nested? For instance, what if a group is itself a member of another group, whose members have access to a specific folder.

In such a case, the analysis will be more time-consuming and prone to errors, as it is easy to lose track of things in more complex contexts.

As already mentioned, professional tools offer far more possibilities and a more comfortable user interface. In addition, such tools do not require coding expertise and can be provided to the data owner or even directly to users.

Documentation

C:\Users\carst\AppData\Local\Microsoft\Windows\INetCache\Content.Word\index02-06.png

Surveys show that only about half of all IT administrators document their work. Thus, many are not documenting how the administration of permissions is taken care of or who, why, when, and where permission was gained or revoked and by whom.

If there is a data security breach or audit, this lack of planning can have serious consequences.

As an administrator, you should ensure you keep updated and audited reports of folder permissions; otherwise, the security consequences could be difficult to contain.

No Tools for Managing Security Rights

C:\Users\carst\AppData\Local\Microsoft\Windows\INetCache\Content.Word\transparency index03-01.png

Without any tools to manage security rights, you will lack control over your critical infrastructure.

The complexity of IT is constantly increasing. This applies not only to applications, networks, data quantities, and possibilities, but also to globalisation and the use of resources that are not on-site or that have been leased.

Administrators are being confronted with increasing demands and are frequently overburdened and unable to cover the breadth of all of their activities.

Because of that, it is imperative to deploy tools to make the work easier, reduce the effort required, generate automatic documentation, and maintain the integrity of all processes.

Download Checklist

Click here to download a checklist that will assist you with implementing proper tooling and reporting

Conclusion

For the previous couple of articles, we’ve talked about the following five steps to managing access on Windows fileservers effectively:

We hope you’ll make use of the steps to take your data access management to the next level.

Do you have any comments or questions?

Please post them below.

More Space! The Four Best Free Windows Disk Space Analyzing Tools

Having sufficient hard drive space is the desire of every computer user. Who doesn’t constantly check to find out whether there is enough disk space left for a new application, picture, or anything else?

With a good analyzing tool, you can conveniently examine what is taking up most of the room in your hard drive, and take appropriate actions to reclaim your resources.

Here are four of the best free tools you can use to scan your hard drive and pinpoint files and folders unnecessarily consuming extra space on your Windows machine.

1. WinDirStat

WinDirStat is a powerful, free tool you can use to analyze the space available in your hard drive.

You can download it from here.

It has a simple, beautiful interface, which enables you to see exactly what’s consuming drive space. After you’ve launched WinDirStat, it will begin to scan your hard drive, and display the results in three panes.

WinDirStat

The top-left pane displays a directory list displaying the size occupied by folders and files. The biggest folders are at the top of the list, allowing you to easily identify the big space consumers.

The top-right pane displays the various file types on your local disk, together with the amount of space they consume.

The bottom pane displays a “treemap”, which is a color-coded representation of what is using the drive’s space.

For instance, if you click on any directory in the directory list, and click the ‘+” button to expand its contents, you’ll see a corresponding area highlighted in the treemap. You can click any area on the tree to see the folder or file it represents.

If you want to delete any folder or file from your hard disk, right-click on it and select the “Delete” option.

2. SpaceSniffer

This free tool displays the data associated with the space occupied by files and folders in a nice-looking visual treemap. This way, you can easily identify which items are consuming the largest amount of space in your hard disk.

You can download the tool from here.

SpaceSniffer

As you can see from the above screenshot, after the scanning process is complete, SpaceSniffer utilizes blocks of various sizes to demonstrate the sizes of the files (default color is blue) and folders (default color is brown).

If you want to get more information about any particular file or folder, just double click its respective block, and you’ll be sent deeper the rabbit the hole—to eventually right click to access other options like “Delete”.

SpaceSniffer

You can do filtering to get some specific results. For example, on the filter field, you can type *.jpg and press enter, and the results will have only JPEG files.

In case you want to export the results, then under the “File” tab, click “Export to file”, and follow the prompts.

3. TreeSize

TreeSize, the free version, is another excellent tool you can use to analyze your hard disk space. It has a slick interface to assist you quickly keep an eye on your hard drive usage.

You can download it here.

Once a scan is completed, TreeSize will display the results for your analysis. The section on the left shows the amount of space each folder occupies—with the colored bar visualizing the extent of the occupied disk space. You can click on a folder to open it and see the sub-folders. You’ll notice that longer and opaque bars represent larger folders, and vice versa.

The three visualization options available are pie chart, bar chart, and treemap. The option you choose will be displayed at the center of the tool.

TreeSize

Under the “Extensions” view, you’ll find different types of files, and the size of their occupied space. You can also see the amount of space every computer user utilizes under the “Users” view.

On the bottom-left section, there is a drive list that displays used and free disk space on each single drive. The S.M.A.R.T. (Self Monitoring Analysis and Reporting Technology) is a unique feature that scans the hard drive and gives its health condition. If failure is displayed in the column, it indicates that you should replace your hard drive as soon as possible.

4. Windows 10 in-built tool

Is a bird in hand worth two in the bush?

Then, if you can’t access any of the above tools for any reason, then you can use the in-built Storage settings tool that comes with Windows 10. It can be your bird in hand to assist you quickly identify the heavy space consumers in your hard drive.

To use this feature, click “Settings”, “System”, and then select “Storage” from the ensuing list. Here, you’ll be presented with a list of items consuming the drive’s space.

Windows 10 in-built tool

If you click any category, you’ll be able to see how space is utilized in the chosen drive. For instance, you’ll be presented with a list of applications available in your system, which you can sort according the space they consume.

Even though this in-built Windows 10 does not have extensive features like the others, it’s a quick way of analyzing your disk space, and save yourself the hassle of downloading and installing a third-party software.

Conclusion

When optimizing your space utilization on a Windows machine, it’s also important to verify user permissions for your folders or shares.

With enhanced visibility into the effective permissions and access rights accorded to users, you can ensure the security of your data and have a peace of mind that everything is in safe hands.

And, FolderSecurityViewer offers you just that!

It’s an intuitive tool that allows you to get quick and useful overview to the access rights granted to your IT infrastructure.

You can try it out (for free) today!