What user credentials does NTFS Security Manager use to connect to a domain / server?
By default, NTFS Security Manager uses the currently logged on user context to connect to a domain / server. If NTFS Security Manager determines, that the currently logged on user does not have sufficient permissions on the specified server, an ‘Enter Network Password’ dialog appears allowing the user to enter the User Credentials to connect to the server. The NTFS Security Manager then establishes a session with the destination domain / server, using the user credentials specified.
If ‘Use Active Directory Services’ is selected as Computer Enumeration option, then you can specify alternate domain credential (having domain administrator privileges) for managing all computers in each domain. In this case, NTFS Security Manager establishes a session with the destination domain / server of the specified domain, using the specified user credential.
What permissions or privileges are required to read data from a Windows server on the network?
To read data from a Windows Server on the network, the currently logged on user or the User Credentials specified must:
What Services and Settings does NTFS Security Manager require on a local or remote computer to collect permissions data?
“Enable NetBIOS over TCP / IP” option is enabled under the “Advanced” button in WINS tab of the TCP / IP property sheet.
Why do I get the message Attempted to perform an unauthorized operation?
When modifying the NTFS permissions of the share / while reading the NTFS permissions of the share, you can get the above stated message. The following may be one of the reasons for such a scenario:
Why do I get the message The specified domain does not exist. Specify a valid domain name. while adding / editing / connecting to a domain?
When the Computer Enumeration option is set to ‘Use Active Directory Services’, NTFS Security Manager queries Active Directory for enumerating servers present in a domain. During this process, NTFS Security Manager tries to connect to the Active Directory Server (Domain Controller) of the specified domain internally. If NTFS Security Manager is unable to find the domain controller for the selected domain, it will display the stated message. The following may be one of the reasons for such scenario:
Why do I get the message The specified forest does not exist or cannot be contacted. in ‘Add domains from forest’ option?
When the Computer Enumeration option is set to ‘Use Active Directory Services’, NTFS Security Manager queries Active Directory for enumerating domains present in a forest. During this process, NTFS Security Manager tries to connect to the Active Directory Server (Domain Controller) of the specified forest internally. If NTFS Security Manager is unable to find the domain controller for the selected forest, it will display the above stated message. The following may be one of the reasons for such a scenario:The domain controller for the forest that you have selected might have been switched off.
The computer where NTFS Security Manager is installed is unable to resolve the specified DNS name of the forest.
While revoking or modifying permissions, I still notice that certain old permissions exist. How do I overcome this?
The Revoke and the Modify tools do not break the inheritance. This is the default behavior. They make changes to only the explicit permissions. If you notice the old permissions, it could be because of inherited permissions from the parent. If you need to have these removed, you may use the Grant or the Modifier tool to block inheritance from the Parent.
How do the options Copy and Remove permissions work when Inheritance from parent is blocked / removed?
The Copy permissions option will remove the inherited permissions from the parent object and copy the inherited permissions as explicit permissions.
The Remove permissions option will remove the inherited permissions from the parent object. After applying this option only the existing explicit permissions remain.
While using the tool, what are the important precautions to be taken?
NTFS Security Manager can be used to change NTFS permissions across Shares, Folders and Files. You have to absolutely ensure that only responsible persons within your organization use this software. The users using this software must have sufficient knowledge about tinkering with NTFS permissions on your file servers and workstations. The software must be used carefully and the end user must know what he is intending to accomplish using the features of the tool.
CAUTION: Wrong or inadvertent use of the software Wrong or inadvertent use of the software will compromise the security of your file system and may make the shares and folders either inaccessible or open them up for unauthorized access.
I am unable to see folders within a remote share while using the application, even though the remote share has permissions for the account running the application.
For Win7 and Windows 2008 R2, blocking inheritance on descendant objects of a remote share and when no explicit permissions have been granted for the account using the application on the descendant objects, would make the descendant objects root share. If you wish to view these folders, then login to the remote computer and allow inherited permissions from the share to the descendant objects or assign explicit permissions on the descendant objects for the application account.
Does the software take ownership and make changes to permissions in any of its features?
NO. The software is designed to not take ownership of folders and files. The owner of the object will continue to retain their ownership with all the existing owner permissions after the permission changes are effected using the software. So, no matter what changes are made to permissions using the application, the existing owner permissions are retained on the shared folders.
What are all the error messages that one is likely to see when making changes to permissions?
Unable to remove the Account or selected ACL entry: You may get this error message when the selected account has other inherited permissions from the parent object or the selected account is an invalid account.
Unable to add an account: You may get this error message when the application is unable to resolve the account SID. This may happen if the selected account is an “Unknown account” or if the account is from another domain.
Why do I get the Unable to collect available central access policies message while clicking ‘Change’ button to enumerate available central access policies from domain?
This may happen if any one of the following conditions is true: